Windows Security Events
This section contains information about log sources for Windows Security. To implement Log Source Optimization (LSO), you must use the MS Windows Event Logging XML - Security log source type and apply the LogRhythm Default v2.0 log processing policy. For information on supported log messages and parsing, see the configuration guide.
The subsequent LSO documentation contains detailed information on parsing changes and new log processing settings. The EVID pages show the differences between the old log processing policy (LogRhythm Default) and the new policy to be used with LSO (LogRhythm Default v2.0). Use these pages for reference as you migrate from the old log source type and LogRhythm Default policy to MS Windows Event Logging XML - Security and LogRhythm Default v2.0 policy.
- LSO - MS Windows Event Logging XML - Security
- LSO - MS Windows Event Logging - Security
- LSO - MS Windows Event Logging : Deutsch - Security
- LSO - MS Windows Event Logging : Español - Security
- LSO - MS Windows Event Logging : Français - Security
Support for ADFS Events
Log Source Stabilization (LSS) does not support ADFS Events with the updated MPE rules and log processing policy (LogRhythm Default v2.0). ADFS Events are supported separately with MS Windows Event Logging XML - ADFS. If you are using Microsoft Active Directory Federation Services (ADFS) and streaming ADFS logs through Windows Security log source types, we recommend using log source virtualization to stream MS Windows Event Logging XML - ADFS log messages.
For more information, see Log Source Virtualization.