Hi.
We would like to collect the following Event Logs in IDR. Is this possible with IDR?
%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx
This is not possible with just IDR and the native agent capabilities; you’d need to leverage a tool such as NXLog to collect custom paths like this.
Bummer, thanks.
NXLog basic (free) can do this though, and it’s relatively simple. I have it running on both of our collectors that we use for Windows Event Forwarding.
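For reference, an added example of the kind of NXLog CE configuration the reply above refers to (not from the thread or from NXLog's own docs): it reads the AppLocker "EXE and DLL" channel, whose on-disk file is the `Microsoft-Windows-AppLocker%4EXE and DLL.evtx` path from the question (`%4` encodes the `/` in the channel name), and forwards each event as syslog to a collector. The collector address and port are placeholders, and the install path assumes the default NXLog location.

```conf
# Added example, not code from the thread. Assumes default NXLog CE install path;
# collector host/port below are placeholders to replace with your own.
define ROOT C:\Program Files\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _syslog>
    Module      xm_syslog
</Extension>

<Extension _json>
    Module      xm_json
</Extension>

<Input applocker>
    Module      im_msvistalog
    # Subscribe to the AppLocker EXE and DLL channel by its channel name,
    # not the .evtx file path. "*" keeps every event so allowed, audited
    # and blocked executions are all forwarded for detection.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-AppLocker/EXE and DLL">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Serialize all event fields (rule name, file path, user, etc.) as JSON
    # so nothing is lost when the event is wrapped in a syslog line.
    Exec        $Message = to_json();
</Input>

<Output collector>
    Module      om_tcp
    # Placeholder: IP and port of the collector's syslog listener.
    Host        10.0.0.5
    Port        1514
    Exec        to_syslog_bsd();
</Output>

<Route applocker_to_collector>
    Path        applocker => collector
</Route>
```

Configure the collector side to listen for syslog on that port; once the route is live, the channel's events arrive one JSON document per syslog message.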
Thanks Brad.
Curious, what other Event Logs are you collecting?
I might go down this road if we actually decide to leverage AppLocker.