So I am looking to add the MSExchange CmdletLogs to our Sentinel
logging. I have the MS Exchange connector running using a WECS collector
and I am successfully collecting log data, specifically the
MSExchangeMailboxAssistants logs. Now I see in the connection mode area
of the event source where you can configure the logs collected under
EventLogQuery and Applications sections. I am fumbling around in the
dark a little bit here, but simply added the string
SourceName = "MSExchange CmdletLogs"
under EventLogQuery and
Application:MSExchange CmdletLogs
does not seem to work (I had no hopes that it really would).

Anyone actually done this? The MSExchange CmdletLogs seem to have the
best logs.

psmcgovern's Profile: