Keyword attribute/field is not present in AMA

  Kiến thức lập trình

I am working on implementation that requires keyword field to identify whether Audit is failed or success, But in Recent AMA logs, I am not able to find keyword field.

Example :
In old logs format For example below URL mentioned logs has Keyword field associated with it. Which is not present in new log format.
0x8020000000000000
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4740

In new log format : keyword field is not present. How can I check whether Security Auditing event is success or failed.
https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-windows-events

Any help would be much appreciated.
Thanks In Advance
Dhavalkumar Chauhan

Why the field is not present ? is the log format changed or both of two events are from diff tools.?

LEAVE A COMMENT