https://community.dynatrace.com/t5/Alerting/Adding-Microsoft-Windows-Windows-Defender-in-Log-Storage/m-p/216448#M3601 <P>Thanks to my colleague&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/63586">@Ranjeet_Tiwari</a>&nbsp;it now works. The log storage matcher is changed to</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_0-1688030602758.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12536i56A36706330F4651/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_0-1688030602758.png" alt="McVitas_0-1688030602758.png" /></span></P><P>and custom log source rule is like this</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_1-1688030665347.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12537i425F30C47C16F303/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_1-1688030665347.png" alt="McVitas_1-1688030665347.png" /></span></P><P>However I am not very wise from this and it still doesn't make much sense to me :-]</P> Thu, 29 Jun 2023 09:25:06 GMT McVitas 2023-06-29T09:25:06Z https://community.dynatrace.com/t5/Alerting/Adding-Microsoft-Windows-Windows-Defender-in-Log-Storage/m-p/216355#M3600 <P>Hello, I want to create alert based on certain events from this eventlog, but can't figure out how to make Dynatrace ingest it.</P> <P>We have one Log storage configuration rule like this</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_0-1687944295051.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12518i3ED2E75900193924/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_0-1687944295051.png" alt="McVitas_0-1687944295051.png" /></span></P> <P>and this works and default eventlogs are visible in Log viewer. I tried adding this Microsoft-Windows-Windows Defender/Operational</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_1-1687944334824.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12519i36B0641396E93621/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_1-1687944334824.png" alt="McVitas_1-1687944334824.png" /></span></P> <P>like this:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_2-1687944384404.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12520i5475A0891C4B311C/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_2-1687944384404.png" alt="McVitas_2-1687944384404.png" /></span></P> <P>but nothing comes up. According to <A href="https://www.dynatrace.com/support/help/observe-and-explore/logs/log-monitoring/acquire-log-data/add-log-files-manually-v2#expand--example" target="_self">this documentation page</A> I tried adding a full path to the evtx file which is %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx but this also don't seem to work.</P> <P>I tried to add the same in Custom log source configuration like this</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_3-1687944747199.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12521i3AAA15E73DEEC5AB/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_3-1687944747199.png" alt="McVitas_3-1687944747199.png" /></span></P> <P>but still no events show up even though there are new events happening for example when I disable/enable realtime protection in Windows Security GUI.</P> <P>Ideas?</P> Thu, 06 Jul 2023 14:24:07 GMT https://community.dynatrace.com/t5/Alerting/Adding-Microsoft-Windows-Windows-Defender-in-Log-Storage/m-p/216355#M3600 McVitas 2023-07-06T14:24:07Z https://community.dynatrace.com/t5/Alerting/Adding-Microsoft-Windows-Windows-Defender-in-Log-Storage/m-p/216448#M3601 <P>Thanks to my colleague&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/63586">@Ranjeet_Tiwari</a>&nbsp;it now works. The log storage matcher is changed to</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_0-1688030602758.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12536i56A36706330F4651/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_0-1688030602758.png" alt="McVitas_0-1688030602758.png" /></span></P><P>and custom log source rule is like this</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="McVitas_1-1688030665347.png" style="width: 400px;"><img src="https://community.dynatrace.com/t5/image/serverpage/image-id/12537i425F30C47C16F303/image-size/medium?v=v2&amp;px=400" role="button" title="McVitas_1-1688030665347.png" alt="McVitas_1-1688030665347.png" /></span></P><P>However I am not very wise from this and it still doesn't make much sense to me :-]</P> Thu, 29 Jun 2023 09:25:06 GMT https://community.dynatrace.com/t5/Alerting/Adding-Microsoft-Windows-Windows-Defender-in-Log-Storage/m-p/216448#M3601 McVitas 2023-06-29T09:25:06Z https://community.dynatrace.com/t5/Alerting/Adding-Microsoft-Windows-Windows-Defender-in-Log-Storage/m-p/217124#M3630 <P>Thanks for sharing the answer,&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/63414">@McVitas</a>&nbsp;<span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;</P> Thu, 06 Jul 2023 14:25:28 GMT https://community.dynatrace.com/t5/Alerting/Adding-Microsoft-Windows-Windows-Defender-in-Log-Storage/m-p/217124#M3630 AgataWlodarczyk 2023-07-06T14:25:28Z