Windows Collection: Step 4. Verify Collection Is Working

Document created by RSA Information Design and Development on Mar 23, 2017. Last modified by RSA Information Design and Development on May 4, 2017. Version 4.

This topic tells you what to check in Security Analytics to verify that you have configured Windows Collection correctly.

If Windows collection is not configured correctly, it will not work. You can check whether it is working from the Health & Wellness view or the Investigation view.

Procedure

To verify that the Windows collection is working:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. In the Event Source Monitoring tab, find a Windows event source type (for example, winevent_nic) in the Event Source Type column.
  3. Look for activity in the Count column to verify that Windows collection is accepting events.

The following figure illustrates how you can verify that Windows collection is working from the Investigation > Events view.

  1. In the Security Analytics menu, select Investigation > Events.
  2. Select the Log Decoder collecting Windows events in the Investigate a Service dialog.
  3. Look for a Windows service type in the Details column to verify that Windows collection is accepting events.