Applies To: Windows 10 and Windows Server 2016
Windows Defender is known as Windows Defender antivirus in Windows 10 (Creators update) and later, is an anti-malware component of Microsoft Windows. It has evolved into a full antivirus program, replacing Microsoft Security Essentials as a part of Windows 8 and later versions.
EventTracker collects the event logs delivered from Windows Defender and filters them out to get some critical event types for creating a report, dashboard, saved searches and alerts. Among the event types, we are considering: Threat detection, Suspicious behavior detection, Configuration change and action taken on threats.
Once events are received into EventTracker, Reports, Knowledge Objects, Categories and Dashboards can be configured into EventTracker.
EventTracker monitors all the Windows Defender events which are given as below.
The configuration details are consistent with EventTracker version 9.X and later, and Windows Defender Windows 10 and Windows server 2016.
To configure Windows Defender to send logs to EventTracker, refer to the How-to Guide.
For more information please refer to the Integration guide