@TomVanDerPo Thank you for reaching out to us.
Microsoft Defender for Endpoint is primarily an endpoint protection platform that provides antivirus, endpoint detection and response (EDR), and other security features. While it can collect some system and application logs, it is not designed to be a comprehensive log collection tool.
If you need to collect logs from your workstations, you may want to consider using Microsoft Sentinel, which is a cloud-native security information and event management (SIEM) solution that can collect and analyze logs from a variety of sources, including Windows Event Logs, Sysmon, and other security solutions.
Alternatively, you can use the Azure Monitor Agent to collect logs from your workstations and send them to a Log Analytics workspace, which can then be used for analysis and alerting. However, this approach requires additional configuration and management compared to using Sentinel.
Reference: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-overview
https://www.youtube.com/watch?v=uPjCE1KZqR4
https://www.youtube.com/watch?v=Z1zDlXCwI9k&t=465s
Let me know if you have any further questions; feel free to post back.
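For reference, the "additional configuration" the reply above mentions for the Azure Monitor Agent path is a Data Collection Rule (DCR): the agent only forwards what a DCR tells it to. The following DCR is an added illustration, not part of the original answer or of any Microsoft sample. It collects a handful of Windows Security events (logon success/failure and process creation) plus Sysmon process-create and network-connect events from the default Sysmon channel, and sends them to the `Event` table of a Log Analytics workspace. The subscription, resource group, workspace name, rule name and region are placeholders you must replace; the event ID selection is an assumption for illustration, not a recommended baseline.

```json
{
  "location": "westeurope",
  "kind": "Windows",
  "properties": {
    "description": "Example DCR (hypothetical): workstation Security + Sysmon events to Log Analytics",
    "dataSources": {
      "windowsEventLogs": [
        {
          "name": "workstationSecurityAndSysmon",
          "streams": [ "Microsoft-Event" ],
          "xPathQueries": [
            "Security!*[System[(EventID=4624 or EventID=4625 or EventID=4688)]]",
            "Microsoft-Windows-Sysmon/Operational!*[System[(EventID=1 or EventID=3)]]"
          ]
        }
      ]
    },
    "destinations": {
      "logAnalytics": [
        {
          "name": "workstationLogs",
          "workspaceResourceId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.OperationalInsights/workspaces/<workspace-name>"
        }
      ]
    },
    "dataFlows": [
      {
        "streams": [ "Microsoft-Event" ],
        "destinations": [ "workstationLogs" ]
      }
    ]
  }
}
```

Two practical notes. First, the XPath filters are applied on the workstation by the agent, so narrowing them is the main lever for controlling ingestion cost; `Security!*` with no filter would ship every Security event. Second, the rule does nothing until it is associated with the machines: after saving the JSON as `dcr.json`, `az monitor data-collection rule create --name <rule-name> --resource-group <resource-group> --rule-file dcr.json` creates it, and `az monitor data-collection rule association create` binds it to each workstation's Azure Arc or VM resource. Events arriving through the `Microsoft-Event` stream land in the `Event` table, not `SecurityEvent`, so queries and analytics rules need to target that table.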