Can you please add the Microsoft-Windows-Sysmon/* to Logs
To be able to support Sysinternals SysMon
This has also been demoed in the Ignite session here http://channel9.msdn.com/events/Ignite/2015/BRK3500
The list is just a ‘convenience’ list of common logs.
Is there something you must do to make it available? I have enabled the IIS logs, but in the eventlogs, Microsoft-Windows-Sysmon/Operational is not an option to be selected. Maybe this is only enabled for the European tenants.
Thank you a lot for the fast response :o)
It's really a nice tool!