![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 44%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
1,299 questions
For Windows Security Events you will use the "Windows Security Events via AMA" connector page. From there you can create Windows Security Event DCR rules (it will not be created automatically). Though, any VMs or Arc systems in scope for the DCR rule will get the AMA extension deployed (if not already applied by policy).
These rules created from the connector page may appear to be blank or empty when viewing from the DRC page. That is due to the template not matching the UI criteria. You can verify event collection in the SecurityEvents table. Additional DCR instructions provided below.