I recently deployed Alienvault OSSIM and installed Nxlog on a domain controller to forward Windows event logs to AV, also I set the plugin for Nxlog. Nothing was showing up in the SIEM Events so I confirmed with a packet capture that logs were being sent. Also I checked in /var/log/alienvault/devices and there is a folder there and events so AV is getting the event logs but seems to not be parsing or correlating them so that they are viewable in the web GUI. I used the default Nxlog config that Alienvault has in this article: https://www.alienvault.com/documentation/usm-appliance/supported-plugins/configuring-nxlog.htm
Is there something I am missing that needs to be set for Windows event logs to show up in the 'Security Events (SIEM)'?