Event ID in Windows Event Log Should not be Zero

Backlog

When entries are put into the Windows Event Log, the Event ID is normally set to zero, which causes problems when using Microsoft Defender to pull all server event logs together. Defender does not pull in records with an Event ID of zero. It would make sense that the Windows Event ID would match the IDs that Syslog is using.

All Comments (2)

Hello,

Thank you for your request. We will have a look at that and let you know what could be done to improve that.

Best regards,

François Dubois

Not to mention, having event IDs makes filtering and searching for events much easier. I am using Azure Arc to pull DVLS events into Sentinel, but yeah, having an event ID of '0' is not ideal.