How can we improve Azure Log Analytics?

Windows file audit event columns - Add more data from the raw XML

Please add more columns to EventIDs related to Windows file auditing. An example is the query Type=SecurityEvent EventID=4663. When the query is executed, lots of useful data is stuck in the EventData column, such as the SubjectUserName, ProcessID, ProcessName fields. Would be very nice to be able to search on these.

2 votes
    Anonymous shared this idea

    1 comment

      • kushagra agarwal commented

        We are noticing that for security events we are not collecting complete data in OMS; we are missing description and some other fields in the event data. We would like to see complete raw data for any event being extracted in OMS.
