g.funk
Level 8
Message 1 of 4

Windows Applocker Logging

Hello, I was curious if anyone has gotten the AppLocker event logs to show up in the SIEM? I've already downloaded the Windows Content Pack, which is supposed to include everything. I do see the new views and whatnot, and on my test server I do see the AppLocker events being written to the event log, but those events never come across to our receiver. Also, when I select "Get Logs" on my data source, it doesn't list AppLocker as one of the selectable events to pull. It's obviously supported; am I missing something? Checked w/ McAfee support and the tech is looking into it as well, but in his test environment it did the same thing.

1 Solution

Accepted Solutions
g.funk
Level 8
Message 4 of 4

Re: Windows Applocker Logging

I ended up using the SIEM collector, thanks all.

3 Replies
sssyyy
Level 12
Message 2 of 4

Re: Windows Applocker Logging

Yes, I got AppLocker events into the SIEM by using the SIEM collector to tail the events on the Windows server and forward to event.

mherr
McAfee Employee
Message 3 of 4

Re: Windows Applocker Logging

Check this KB to get the event logs via WMI.

https://kc.mcafee.com/corporate/index?page=content&id=KB56436
