New

Tie WSA into Event Logs

  • 4 March 2016
  • 3 replies
  • 2217 views

Userlevel 1
It would be usefull to me if WSA was able to generate events in the windows event log.  It would make it easier to create scheduled tasks or incorporate data into a SEIM. 
 
'Windows allows applications to report their own security events to the security log by registering through Authorization Manager with LSA as a security event source using the AuthzRegisterSecurityEventSource function. "

3 replies

Agreed. This is also needed for RMM tools that do not have deep WebRoot integration.
Userlevel 7
Badge +31
A cross platform solution would be for WSA agent to write all events to a log file that used a common event format.  You could collect this from the devices and use with SIEM / SCOM / SPLUNK etc... 
 
If we wrote to Windows event store , and I do see merit in that, it does tie us to that platform and we would have to come up with another solution for mac etc..
 
Regards
 
Jon.giffard
Senior Product Manager
WSA - Business
 
Any plans to get these events into the event viewer?

Reply