One of the things that we wanted to do for this release was to split out the Windows Filtering Platform (WFP) from the Windows Security log connector.

 

Why are we splitting this out into a separate connector?

We are splitting it out because customers frequently call support after being completely overwhelmed by the sheer volume of data that arrives once they enable the Windows Security Log connector. On the other hand, some customers still want to collect this data.

 

What does this mean?

It means that this behavior will change upon connector upgrade. Anyone who wants to collect Windows Filtering Platform events will need to configure the separate WFP connector specifically once they get the latest connector update.