How to storage Defender Logs for over the default 180 Days

June 29, 2023
Research
0 Comments
paris

So Defender for Endpoint Logging does not comply PCI DSS Logging requirements of Logging “the audit history should be kept for at least one year “

You have to Stream the Logs to Azure Storage to get this up to 1 year

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/raw-data-export-storage?view=o365-worldwide

https://jeffreyappel.nl/export-microsoft-defender-for-endpoint-security-events-with-the-streaming-api/

(No Ratings Yet)

Andrea Rochira Well, this solution still works in 2023 and better than PowerShell! Thank you.
Copy file to workstations with Windows Intune · September 19, 2023
Emre Temel Thank you for this information. You save my life. 🙂
Exchange Setup – A required audit event could not be generated for the operation · September 18, 2023
Ilya L Missing \ before *, other than that, 👍. Schedule it to run monthly via Task Scheduler... 👍👍
Script to Delete ServiceWorker Cache on Google Chrome and Microsoft Edge · August 20, 2023
jack Thank you paris, one server got stuck on the SSPI failed and the solutution fixed it!!
Using Powershell to Send Emails via Mimecast · August 2, 2023
Maurece The information I needed when I needed it, Thanks Pariswells.com
Mimecast – Relaying from External to External using a forward ( External Relay ) · April 13, 2023