cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
g.funk
g.funk
Level 9
Report Inappropriate Content
Message 1 of 4
‎08-17-2018 11:55 AM

Windows Applocker Logging

Jump to solution

Hello, I was curious if anyone has gotten the applocker event logs to show up in the SIEM? I've already downloaded the Windows Content Pack, which is supposed to include everything. I do see the new views and whatnot, and on my test server I do see the applocker events being written to the event log, but those events never come across to our receiver. Also when I select "Get Logs" on my data source, it doesn't list AppLocker as on of the selectable events to pull. It's obviously supported, am I missing something? Checked w/ McAfee support and the tech is looking into it as well, but in his test environment it did the same thing.

0 Kudos
Reply
1 Solution

Accepted Solutions
g.funk
g.funk
Level 9
Report Inappropriate Content
Message 4 of 4
‎08-24-2018 09:43 AM

Re: Windows Applocker Logging

Jump to solution

I ended up using the SIEM collector, thanks all.

Reply
3 Replies
sssyyy
Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 2 of 4
‎08-21-2018 07:38 PM

Re: Windows Applocker Logging

Jump to solution

Yes, I got applocker events into SIEM by using SIEM collector to tail the events on the Windows server and forward to event.

0 Kudos
Reply
Highlighted
mherr
McAfee Employee mherr
McAfee Employee
Report Inappropriate Content
Message 3 of 4
‎08-22-2018 05:25 AM

Re: Windows Applocker Logging

Jump to solution

Check this KB to get the event logs via WMI.

https://kc.mcafee.com/corporate/index?page=content&id=KB56436

0 Kudos
Reply
g.funk
g.funk
Level 9
Report Inappropriate Content
Message 4 of 4
‎08-24-2018 09:43 AM

Re: Windows Applocker Logging

Jump to solution

I ended up using the SIEM collector, thanks all.

Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC