Hi Guys,
As Nicole mentioned, there's a few steps required in order to get the logs into LEM.
1. Go to the Event log and right click on “EXE and DLL” and change the log location to be no spaces: %SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-AppLocker%4EXEandDLL.evtx
2. Now go into registry and add the key you will notice it just has no spaces “Microsoft-Windows-AppLocker/EXEandDLL” added in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
3. Edit the AppLocker connector to look like this:
4. Save & Start the connector and you should now be able to see the logs in LEM (using the filters that Nicole refers to above)
Hope that helps!