Hello, I was curious if anyone has gotten the AppLocker event logs to show up in the SIEM? I've already downloaded the Windows Content Pack, which is supposed to include everything. I do see the new views and whatnot, and on my test server I do see the AppLocker events being written to the event log, but those events never come across to our receiver. Also, when I select "Get Logs" on my data source, it doesn't list AppLocker as one of the selectable events to pull. It's obviously supported; am I missing something? Checked with McAfee support and the tech is looking into it as well, but in his test environment it did the same thing.