Windows Event Forwarding and Event Collectors In-Depth
Join Scott Lynch and Justin Henderson to talk about how to scale and use Windows Event Forwarding and Event Collectors, whether you are a small or large enterprise.
In this live stream, we’ll talk about how to deploy and fine-tune Event Forwarding and cover some less commonly discussed topics, such as managing stale Windows Event Collector registry entries, assigning computers to collectors in deployments with multiple Windows Event Collector servers, and using Windows Event Forwarding to support multiple SIEM environments.
by SANS Cyber Defense
Does anyone have a manual on how to set up a WEC cluster with 2 or 3 servers?
Waste of time. The one guy on the right has a video on this subject and none of his links work. You think that if he teaches he would make sure his links work. But nope – wasted my time.
Can someone please make a video on how to configure WEC for a workgroup environment with a CA server?
Summary:
don't use WEC/WEF,
stick to ARC/AMA agent for servers?
and Log Analytics agent for workstations if needed (AMS not supported for workstations)?
with advanced PowerShell auditing enabled in Group Policy?
plus EDR agent for advanced threat detections?
I did a similar deployment in our environment, but WEC is a single point of failure. We tried the Windows built-in mechanism with 2 virtual servers configured as a cluster, but it didn't work. Any ideas how to mitigate this?
Is there a link for the follow-up video on implementing?
Awesome video, very helpful! Justin has the same handwriting as me 😊
Absolutely loved this webcast! Plenty of useful information in regards to the benefits of WEF/WEC usage, especially in an environment where you have multiple SIEMs.
Also, PowerShell was mentioned, definitely seems like wecutil will be worth looking into further for automation and scripting purposes!