Hi there,
We are not getting any logs in the “AD Security Logs” log set of our IDR instance. We have IDR collecting logs via WMI from our Domain Controller and are receiving logs in the Active Directory Admin Activity, Asset Authentication, and Host to IP Observations log sets, but we are not receiving logs in the “AD Security Logs” checkbox under each of those sections.
There isn’t much information regarding this issue in Microsoft’s or R7’s docs, so I was curious if this is an issue that someone has seen before and found a fix for.
Any help here would be much appreciated, thank you!