
Microsoft Defender Antivirus Events

Hi, I'd like to log my Microsoft Defender events (Event ID 1116) so that when malware is detected, I get it on my Graylog server.

The problem is that with Server 2016/Windows 10, there are too many logs for a simple input (with the 256 limit).

So I decided to filter them and only get some of them:

Asked July 12, 2022 - 11:47am