Windows Collection: Step 2. Configure Event Sources to Send Events

Document created by RSA Information Design and Development on Nov 22, 2016Last modified by RSA Information Design and Development on May 4, 2017
Version 10Show Document
  • View in full screen mode
  

This topic tells you where to find the event sources currently supported for Windows collection and the available configuration instructions for each event source.

Supported Event Sources List

Return to Procedures

The list of RSA Supported Event Sources is an alphabetized list of all the event sources
currently supported by Security Analytics that identifies which event sources you can use with Windows Collection.

SupportedWinES.png

Find the name of the event source.

Verify that it is supported by the Windows Collection Protocol.

Click on envisionConfigInstrIcon.PNG to retrieve the configuration instructions for the event source.

Verify that you downloaded the correct event source parser (for example, winevent_nic) from LIVE to the Log Decoder and enabled  it.

Sample Configuration Instructions

The following illustration is taken from the Microsoft Windows Eventing 6.0 Web Services API configuration instructions.

WinConfigInstr.PNG

You are here
Table of Contents > Windows Collection Configuration Guide > Procedures > Step 2. Configure Windows Event Sources to Send Events to Security Analytics

Attachments

    Outcomes