Enable additional event logs using Event Viewer

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-12-30
Category: Administrator Guide

For the following event IDs, the auditing setup is configured using the Windows Event Viewer. Access the Event Viewer through the search box in the Start menu.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > User Profile Service, right-click Operational and select Enable Log.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > CAPI2, right-click Operational and select Enable Log.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > DNS Client Events, right-click Operational and select Enable Log.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > DriverFrameworks-UserMode, right-click Operational and select Enable Log.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > PowerShell, right-click Operational and select Enable Log.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > Windows Defender, right-click Operational and select Enable Log.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > TerminalServices-ClientActiveXCore > Microsoft-Windows-TerminalServices-RDPClient, right-click Operational and select Enable Log.


In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > Windows Firewall With Advanced Security > Firewall, right-click Operational and select Enable Log.
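
The same eight logs can be checked and enabled from an elevated PowerShell session, which is useful for confirming the setting on many endpoints. This is an added example, not part of the Cortex XDR documentation; the channel names are the Windows channel names assumed to correspond to the Event Viewer nodes above, and the `-AuditOnly` switch is a name chosen for this example.

```powershell
# Added example. Run from an elevated PowerShell session.
# Channel names below are assumed mappings of the Event Viewer nodes listed
# in this guide; confirm them on the target build with: Get-WinEvent -ListLog *
param(
    [switch]$AuditOnly   # report current state only, change nothing
)

$channels = @(
    'Microsoft-Windows-User Profile Service/Operational',
    'Microsoft-Windows-CAPI2/Operational',
    'Microsoft-Windows-DNS-Client/Operational',
    'Microsoft-Windows-DriverFrameworks-UserMode/Operational',
    'Microsoft-Windows-PowerShell/Operational',
    'Microsoft-Windows-Windows Defender/Operational',
    'Microsoft-Windows-TerminalServices-RDPClient/Operational',
    'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
)

$results = foreach ($name in $channels) {
    # A channel can be absent (feature not installed), so do not stop on error.
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        [pscustomobject]@{ Channel = $name; Status = 'NotFound' }
        continue
    }

    $status = if ($log.IsEnabled) { 'AlreadyEnabled' } else { 'Disabled' }

    if (-not $log.IsEnabled -and -not $AuditOnly) {
        try {
            # Equivalent to right-clicking the log and selecting Enable Log.
            $log.IsEnabled = $true
            $log.SaveChanges()
            $status = 'Enabled'
        }
        catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{ Channel = $name; Status = $status }
}

# One row per channel: NotFound, Disabled, AlreadyEnabled, Enabled or Failed.
$results | Format-Table -AutoSize
```

Any row reporting `NotFound` or `Failed` identifies a log that still needs attention on that host.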
