Windows Defender Logs not wokring

[jeniha]

Wazuh version	Component	Install type	Install method	Platform
unknown	unknown	unknown	unknown	unknown

Hi to all,
My issue is that:
Wazuh won`t grab logs from Windows Defender for exmaple:
when i turn off Real-time protection i cant see it in logs into wazuh, also when is scan a file and cant see is it a clean file.
Can you help me?

[jnasselle]

Hi @jeniha ! In order to figure out where the problem is, could you please fill the table in the issue description with the information about your Wazuh installation? This will really help us.

[jeniha]

I use .ova image and install new agent to new virtual machine with windows 10 for testing.
In ossec.conf in agent folder in Windows i put this code:

Microsoft-Windows-Windows Defender/Operational
<log_format>eventlog</log_format>

And in Security events event in web interface in wazuh cant show event from stoping Real-Time Proteciton or starting back up, even when find some virus there is no events from Defender.

[jeniha]

Fixed:

Microsoft-Windows-Windows Defender/Operational
<log_format>eventchannel</log_format>

Victor Rebollo helps me in Slack

[jnasselle]

Great news!
Despite both eventlog and evenchannel are supported by Wazuh, like the documentation mention, use Eventchannel for Windows Vista and later versions.

Regards,