获取Windows事件日志以获取PCI DSS [英] Obtaining Windows event logs for PCI DSS
问题描述
大家好,
我正在尝试向ALA查询某些事件日志.本文中列出的内容:https://docs.microsoft.com/zh-cn/windows/security/threat-protection/auditing/basic-security-audit-policy-settings
I am trying to query ALA for certain event logs. The ones listed in this article: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-security-audit-policy-settings
问题在于查询返回0个结果.我什至尝试了ALA中保存的搜索"部分中的查询.我们注意到未配置审核策略,因此在星期五进行了更正.今天的结果仍然显示为0.
The issue is that the queries return 0 results. I even tried the queries from the Saved searches section in ALA. We noticed the audit policies were not configured and so that was corrected on Friday. Today the results still show 0.
我想念什么?谢谢!
Jeny
推荐答案
Azure Log Analytics不收集安全日志.这是由Azure安全中心完成的,该中心使用Azure日志分析作为平台来存储安全日志.因此,您需要配置Azure安全中心.以下文件和其他 ASC中的文档将为您提供帮助:
Azure Log Analytics does not collect security logs. This is done by Azure Security Center which uses Azure Log Analytics as platform for storing the security logs. Because of that you need to configure Azure Security Center. The below document and the other documents in ASC will help you:
https://docs.microsoft.com/zh-CN/azure/security-center/security-center-enable-data-collection
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection
您还可以查看正在收集哪些安全事件.请记住,在Windows计算机上,您需要配置审核策略,以便事件可以显示在安全日志中.默认情况下已经配置了某些事件,但是取决于您的 如果您可能想配置更多.
You can also see which security events are being collected. Remember that on Windows machines you need to configure the audit policies so the events can appear in security log. There are certain events configured by default already but depending on your case you might want to configure more.
如果此回复对您有帮助,则将其标记为答案.
Mark this reply as answer if it has helped you.
这篇关于获取Windows事件日志以获取PCI DSS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!