We want to input defender logs to Graylog, but all I am seeing is information for using the enterprise edition of Graylog, which we do not have. Is there really no other way to get defender logs into Graylog?
I have been looking at the Graylog documentation, the Elastic documentation, and the Microsoft documentation. I am not seeing anything for adding a new input that doesn't involve the use of the Enterprise license for Graylog.
If you mean Defender logs coming through the cloud, that input is Enterprise only. In Open you would need an agent or script to sit in the middle; Logstash or one of the Beats agents may do it.
If you just want endpoint logs, you can collect those right from the Windows event logs on the workstation.
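As an added example of the "script in the middle" approach for the Open edition (this is not code from the thread or from Graylog): a PowerShell script that reads the local Microsoft Defender Antivirus channel of the Windows event log and ships each event to a Graylog GELF UDP input. The Graylog hostname, the 12201 port (the default Graylog suggests for a GELF UDP input) and the 15-minute lookback are assumptions; the log channel name is the standard Defender Antivirus operational log on Windows 10/11 and Windows Server.

```powershell
# Added example, not from the original thread or from Graylog.
# Forwards Microsoft Defender Antivirus events from the local Windows event log
# to a Graylog GELF UDP input. Run it from a scheduled task under an account
# that can read the log (member of "Event Log Readers" or an administrator).
param(
    [string]$GraylogHost    = "graylog.example.internal",  # assumed hostname
    [int]$GraylogPort       = 12201,                        # assumed GELF UDP input port
    [int]$LookbackMinutes   = 15,                           # assumed scheduling interval
    [int[]]$OnlyEventIds    = @()                           # empty = forward every event
)

# Standard Defender Antivirus operational channel.
$LogName = "Microsoft-Windows-Windows Defender/Operational"

# GELF uses syslog severities; Windows levels are 1=Critical 2=Error 3=Warning 4=Info 5=Verbose.
function Convert-LevelToSyslog([int]$Level) {
    switch ($Level) {
        1 { return 2 }
        2 { return 3 }
        3 { return 4 }
        default { return 6 }
    }
}

# Build one GELF 1.1 JSON document. Custom fields must be prefixed with "_".
function ConvertTo-GelfMessage([System.Diagnostics.Eventing.Reader.EventRecord]$Event) {
    $message = if ($Event.Message) { $Event.Message } else { "Event ID $($Event.Id) (no message template available)" }
    $first   = ($message -split "`r?`n")[0]
    # Keep the datagram under the ~8 KB GELF UDP chunk limit without implementing chunking.
    if ($message.Length -gt 6000) { $message = $message.Substring(0, 6000) + " [truncated]" }

    $gelf = [ordered]@{
        version       = "1.1"
        host          = $env:COMPUTERNAME
        short_message = $first
        full_message  = $message
        timestamp     = ([DateTimeOffset]$Event.TimeCreated).ToUnixTimeMilliseconds() / 1000.0
        level         = Convert-LevelToSyslog $Event.Level
        _event_id     = $Event.Id
        _provider     = $Event.ProviderName
        _log_name     = $LogName
        _record_id    = $Event.RecordId
        _source_type  = "defender-av"
    }
    return ($gelf | ConvertTo-Json -Compress -Depth 3)
}

# Send one GELF document as a single UDP datagram.
function Send-Gelf([string]$Json, [string]$TargetHost, [int]$Port) {
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Json)
    $udp = New-Object System.Net.Sockets.UdpClient
    try {
        [void]$udp.Send($bytes, $bytes.Length, $TargetHost, $Port)
    } finally {
        $udp.Close()
    }
}

$since = (Get-Date).AddMinutes(-$LookbackMinutes)
# Get-WinEvent raises a non-terminating error when nothing matches; treat that as zero events.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $since } -ErrorAction SilentlyContinue)
if ($OnlyEventIds.Count -gt 0) {
    $events = @($events | Where-Object { $OnlyEventIds -contains $_.Id })
}

foreach ($ev in $events) {
    Send-Gelf -Json (ConvertTo-GelfMessage $ev) -TargetHost $GraylogHost -Port $GraylogPort
}
Write-Host ("Forwarded {0} Defender event(s) from '{1}' to {2}:{3}" -f $events.Count, $LogName, $GraylogHost, $GraylogPort)
```

Schedule it at the same interval as `$LookbackMinutes`; because UDP gives no delivery feedback, overlapping windows are safer than gaps, and the `_record_id` field lets you deduplicate in Graylog if an event is sent twice. Use `-OnlyEventIds 1116,1117,5001` to forward only detections, remediation actions and real-time-protection-disabled events. For an ongoing deployment the maintained route is Graylog Sidecar (available in the Open edition) driving winlogbeat against the same channel, which handles back-pressure and delivery tracking that this script does not.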
When you say Defender, is it Windows Defender, the antivirus that's built into Windows, or Defender the EDR, with licenses intended for cloud or enterprise?