Enable additional event logs using Event Viewer - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2025-01-26
Category: Administrator Guide

For the following event IDs, the auditing setup is configured using the Windows Event Viewer. Access the Event Viewer through the search box in the Start menu.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > User Profile Service, right-click Operational, and select Enable Log.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > CAPI2, right-click Operational, and select Enable Log.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > DNS Client Events, right-click Operational, and select Enable Log.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > DriverFrameworks-UserMode, right-click Operational, and select Enable Log.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > PowerShell, right-click Operational, and select Enable Log.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > Windows Defender, right-click Operational, and select Enable Log.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > TerminalServices-ClientActiveXCore > Microsoft-Windows-TerminalServices-RDPClient, right-click Operational, and select Enable Log.

In Event Viewer, expand Applications and Services Logs > Microsoft > Windows > Windows Firewall With Advanced Security > Firewall, right-click Operational, and select Enable Log.

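The same eight logs can be enabled and verified from an elevated PowerShell session, which is easier to repeat across many hosts than the Event Viewer steps. This is an added example, not part of the Cortex XSIAM documentation; the channel names are the assumed equivalents of the Event Viewer paths above, so confirm them with `Get-WinEvent -ListLog` on your Windows build before rolling it out.

```powershell
#Requires -RunAsAdministrator
# Added example: enable the event channels listed on this page and report the result.
# Channel names are assumptions mapped from the Event Viewer folder paths.
$channels = @(
    'Microsoft-Windows-User Profile Service/Operational',
    'Microsoft-Windows-CAPI2/Operational',
    'Microsoft-Windows-DNS-Client/Operational',
    'Microsoft-Windows-DriverFrameworks-UserMode/Operational',
    'Microsoft-Windows-PowerShell/Operational',
    'Microsoft-Windows-Windows Defender/Operational',
    'Microsoft-Windows-TerminalServices-RDPClient/Operational',
    'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
)

$results = foreach ($name in $channels) {
    try {
        # Get-WinEvent -ListLog returns an EventLogConfiguration object for the channel.
        $log = Get-WinEvent -ListLog $name -ErrorAction Stop
        $wasEnabled = $log.IsEnabled

        if (-not $wasEnabled) {
            $log.IsEnabled = $true
            $log.SaveChanges()   # persists the change; fails without elevation
        }

        # Re-read the configuration so the report reflects what was actually saved.
        $current = Get-WinEvent -ListLog $name -ErrorAction Stop
        [pscustomobject]@{
            Channel    = $name
            WasEnabled = $wasEnabled
            Enabled    = $current.IsEnabled
            MaxSizeMB  = [math]::Round($current.MaximumSizeInBytes / 1MB, 1)
            Error      = $null
        }
    }
    catch {
        # A channel missing on this OS edition, or an access error, ends up here.
        [pscustomobject]@{
            Channel = $name; WasEnabled = $null; Enabled = $false
            MaxSizeMB = $null; Error = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets deployment tooling flag hosts that need attention.
if ($results.Enabled -contains $false) { exit 1 }
```

The `MaxSizeMB` column is included because a newly enabled channel with a small maximum size can overwrite events before they are collected.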