microsoft / winget-cli

WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
https://learn.microsoft.com/windows/package-manager/
MIT License
22.59k stars 1.4k forks

Log WinGet Actions in Event Viewer #3125

Open Trenly opened 1 year ago

Trenly commented 1 year ago

I've looked under ideas but couldn't find any similar idea.

From a secops and enterprise management point of view it would be much more valuable that any winget actions are logged into the Event Viewer. Ideally in its own dedicated event log; if not possible, I would say the standard Application log but with its own event source.

This would enable a lot of scenarios, from forwarding events with tools like Splunk or even Defender for Endpoint to be able to collect those events. But it also would allow better troubleshooting and being able to track the history, and it would even allow attaching tasks to certain events.

Thanks, Kris Titeca

Originally posted by @KrisTiteca in https://github.com/microsoft/winget-cli/discussions/3119

Braedach commented 1 year ago

Agree - need event log support so it can be sent to SIEM.