Event Log Monitoring - Windows Defender Actions

WilsonElectronics · 2021-08-27T21:42:51+00:00

There was an error rendering this rich post.

Hi,

I'd like to setup alerts that email us when Windows Defender takes an action. Actions and event ID's are listed here:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-microsoft-defender-antivirus?view=o365-worldwide

The issue is I'm unable to select the Event Log Source as the Windows Defender log. The only options are Application, System, and Security, and Defender keeps its logs in its own log under "Applications and Services Logs". In order to monitor that log it has to be selected as the source.

How can I instruct Remote Monitoring to watch for the events in: Microsoft-Windows-Windows Defender/Operational

With event ID's: 1005,1006,1007,1008,1015,1116,1117,1118,1119

Find more posts tagged with

Comments

There are no comments yet

Quick Links

All Categories
Recent Discussions
Activity
Unanswered
Groups
Help
Best Of