Log Collection Windows: Step 4: Verify That Windows Collection Is Working

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1
 

If Windows collection is not configured correctly, it will not work. You can check whether it is working from the Health & Wellness view or the Investigation view.

To verify that Windows collection is working from the Health & Wellness view:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. In the Event Source Monitoring tab, find a Windows event source type (for example, winevent_nic) in the Event Source Type column.
  3. Look for activity in the Count column to verify that Windows collection is accepting events.

The following figure illustrates how you can verify that Windows collection is working from the Investigation > Events view.

  1. In the Security Analytics menu, select Investigation > Events.
  2. Select the Log Decoder collecting Windows events in the Investigate a Service dialog.
  3. Look for a Windows service type in the Details column to verify that Windows collection is accepting events.