Tie WSA into Event Logs

  • 4 March 2016
  • 4 replies

Userlevel 1
It would be usefull to me if WSA was able to generate events in the windows event log.  It would make it easier to create scheduled tasks or incorporate data into a SEIM. 
'Windows allows applications to report their own security events to the security log by registering through Authorization Manager with LSA as a security event source using the AuthzRegisterSecurityEventSource function. "

4 replies

Agreed. This is also needed for RMM tools that do not have deep WebRoot integration.
Userlevel 7
Badge +31
A cross platform solution would be for WSA agent to write all events to a log file that used a common event format.  You could collect this from the devices and use with SIEM / SCOM / SPLUNK etc... 
If we wrote to Windows event store , and I do see merit in that, it does tie us to that platform and we would have to come up with another solution for mac etc..
Senior Product Manager
WSA - Business
Any plans to get these events into the event viewer?

I too think that writing to the Windows Event logs would be helpful. I would like to set up criteria to view this data such that a virus found could be found in the Event Viewer and accessible to tools that query the Event Viewer data. Is there any update on this request status?