This topic describes the procedure to enable Remote Registry Access method for collecting data from event sources.
Return to Procedures
Windows Legacy Collector performs an initial verification of the event source before collecting data. By default, Windows Legacy Collector uses Windows Management Instrumentation (WMI) method to perform this initial verification. If you enable Remote registry access method, Windows Legacy Collector performs a remote registry query to verify the event source.
Note: Customers who have upgraded from RSA enVision can select the Remote Registry Access method so as to use the existing domain collection user without having to enable WMI permission.
- In the Security Analytics menu, select Administration > Services.
- In the Services grid, select a Windows Legacy Log Collector service.
- In the toolbar, select View > Config > Event Sources.
- In the Event Sources tab, select Windows Legacy/Windows from the drop-down menu.
- Configure the alias:
Remote Registry Access method is enabled.