Documentation forHybrid Cloud Observability Essentialsand Log Analyzer

Monitor Windows security events

LA provides a pre-configured whitelist that includes all monitored Windows security events. This whitelist allows the most common security events and restricts unnecessary data that can clutter and overwhelm your log feed.

To add or remove events, go to Global Advanced Configuration and edit the query.

Modifying the default configuration may exceed LA’s scalability limit and is not recommended. Please contact Customer Support for assistance.