We’re looking at using information from the Windows Security Center to collect status from non-Microsoft antimalware products.
335 votes20 comments · Azure Monitor-Log Analytics » Log Management and Log Collection Policy · Flag idea as inappropriate… · Admin →
This is currently under development, scheduled to be in preview later in 2018scott commented
we are just beginning deployment of MOS and use WEF to collect the security event logs from our servers. seems like they just need a parser in OMS to see the logs correctly. we can see all the correct logs in the WEF server correctly. (IE adding a new account and adding to the local admin group. this creates a security event but it not getting reported accurately in OMS. having to deploy an agent on our 1300 servers to get this information seems senseless as windows already has a built in method to collect the logs. isn't that the whole point of integration(especially with tools from the same company)