What STASHit solves for you!

Need to log events like password resets, access to specific folders or files to comply to your internal compliance or GDPR rules? No problem. Save your events in a dedicated long term Microsoft Azure Log Analytics workspace.

Are you already using Microsoft Azure Log Analytics but missing your clients event logs? Simply deploy the MSI based agent(s) and you got them, even when users are traveling or working at home.

We have not seen any public available applications that can do this in our research. So keep reading and see how you get the most out of your windows events.


Discover great features


Detect the hackers or abnormal system patterns?, Sysmon by Microsoft is included so get commands like “whoami.exe” logged in Microsoft Azure Log Analytics for forensic analysis of attacks or troubleshooting.


Need to trace user activity across systems? All events with user identification information is enriched with the username in a dedicated field, for fast and easy traceability across systems and event types.



Want to save a lot of both space and money on you Microsoft Azure Log Analytics bill?. As events are throttled and filtered you only store what you need. Typically events are reduced by 99,5%.


Missing an event?, simply create a support ticket and we will created the matching filter for it at no cost. Everyone benefits when the event filter database is expanded.

And much more


Select in a single view the events you want to store, and determine how long you would like to store them for, and that’s it! After a few minutes you will start receiving the events in Microsoft Azure Log Analytics.


Want to get your servers security logs in Microsoft Azure Log Analytics, but find the OMS pricing option a bit expensive? STASHit is just as good when used in the standalone pricing tier in Microsoft Azure Log Analytics.


Deep filtering

Deep filter on specific events. You might need to store an event like ‘An account failed to log on’ but only when the username is correct to detect if someone is trying to guess a password.


Don't want to install third-party agents on Domain Controllers or other critical servers/systems? No problem! STASHit works fine with Windows Event Forwarding (WEF). Windows Event Forwarding is easy to setup by Group Policy and then have the STASHit agent installed on the WEF server only.

Simple onboarding

STASHit is truly easy to setup. Within 45 minutes you will be up and running, and you will have your first events in an existing Microsoft Azure Log Analytics Workspace in less than 1 hour.


Register your account on the STASHit website https://stashit.io

1 Minute


Get your APIKey for Azure Marketplace deployment, and select your OMS workspace(s) Azure location.

1 Minute

Azure Deployment

Deploy the managed application from Azure Marketplace.

~25 Minutes

Log Analytics Configuration

Get you Log Analytics workspaces IDs and Keys, and enter them in STASHit

5 Minutes

Event selection

Select the events in STASHit you would like to forward to Log Analytics

5 Minutes

Deploy Agents

Download the agent from STASHit and deploy using eg: GPO MSI deployment.

10 Minutes


Start using your events in Log Analytics..

Total ~45 Minutes

Free onboarding support

We offer free remote worldwide onboarding support, including deployment and configuration of Azure Log Analytics workspaces to ensure you get the most out of our product. All you need is an Azure subscription and administrative rights to deploy resources.

Z4it ApS
Merkurvej 13
+45 86 84 96 66

© 2018 Z4it ApS CVR - 38643592