Log Analytics SecurityEvents - Add System data elements such as Keywords
Currently, the SecurityEvents table is missing the System data elements from the native Windows Security Log events. Included in the System data elements is the Keywords data item which indicates whether a specific event is an Audit Success or Audit Failure. This significantly reduces the usefulness of LogAnaylytics to track Security Audit events.
Matt G. commented
I'd really like this as well. I'm missing extremely relevant system event fields in my Events events. For example, for certain events, I need "Execution ProcessID" and "Correlation ActivityID".
For example Event 4724 - an attempt to reset a password - can be a success audit or a failure.
Log Analytics doesn't appear to bring through this information.