Tie WSA into Event Logs

Userlevel 1
It would be usefull to me if WSA was able to generate events in the windows event log.  It would make it easier to create scheduled tasks or incorporate data into a SEIM. 
'Windows allows applications to report their own security events to the security log by registering through Authorization Manager with LSA as a security event source using the AuthzRegisterSecurityEventSource function. "

3 replies

Agreed. This is also needed for RMM tools that do not have deep WebRoot integration.
Userlevel 7
Badge +31
A cross platform solution would be for WSA agent to write all events to a log file that used a common event format.  You could collect this from the devices and use with SIEM / SCOM / SPLUNK etc... 
If we wrote to Windows event store , and I do see merit in that, it does tie us to that platform and we would have to come up with another solution for mac etc..
Senior Product Manager
WSA - Business
Any plans to get these events into the event viewer?


    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings