How can we improve Azure Log Analytics ?

Log Analytics SecurityEvents - Add System data elements such as Keywords

Currently, the SecurityEvents table is missing the System data elements from the native Windows Security Log events. Included in the System data elements is the Keywords data item which indicates whether a specific event is an Audit Success or Audit Failure. This significantly reduces the usefulness of LogAnaylytics to track Security Audit events.

5 votes
Vote
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
You have left! (?) (thinking…)
Jim Brewster shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Richard commented  ·   ·  Flag as inappropriate

    For example Event 4724 - an attempt to reset a password - can be a success audit or a failure.
    Log Analytics doesn't appear to bring through this information.

Feedback and Knowledge Base