How can we improve Azure Log Analytics ?

Log Analytics SecurityEvents - Add System data elements such as Keywords

Currently, the SecurityEvents table is missing the System data elements from the native Windows Security Log events. Included in the System data elements is the Keywords data item which indicates whether a specific event is an Audit Success or Audit Failure. This significantly reduces the usefulness of LogAnaylytics to track Security Audit events.

4 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jim Brewster shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Richard commented  ·   ·  Flag as inappropriate

        For example Event 4724 - an attempt to reset a password - can be a success audit or a failure.
        Log Analytics doesn't appear to bring through this information.

      Feedback and Knowledge Base