
Windows Security Events

This section contains information about log sources for Windows Security. To implement Log Source Optimization (LSO), you must use the MS Windows Event Logging XML - Security log source type and apply the LogRhythm Default v2.0 log processing policy. For information on supported log messages and parsing, see the configuration guide:
The subsequent LSO documentation contains detailed information on parsing changes and new log processing settings. The EVID pages show the differences between the old log processing policy (LogRhythm Default) and the new policy to be used with LSO (LogRhythm Default v2.0). Use these pages for reference as you migrate from the old log source type and the LogRhythm Default policy to MS Windows Event Logging XML - Security and the LogRhythm Default v2.0 policy.

Support for ADFS Events

Log Source Stabilization (LSS) does not support ADFS Events with the updated MPE rules and log processing policy (LogRhythm Default v2.0). ADFS Events are supported separately with MS Windows Event Logging XML - ADFS. If you are using Microsoft Active Directory Federation Services (ADFS) and streaming ADFS logs through Windows Security log source types, we recommend using log source virtualization to stream MS Windows Event Logging XML - ADFS log messages.

For more information, see Log Source Virtualization.
