This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2011-01-17 06:59 PM

Windows event/device classification

I have a Windows Server 2008 sending logs to Envision. It was detected as unknown and I wish to manually set its device type but cannot determine whether to select "Windows Events (BL)", "Windows Events (ER)" or something else

 

Can someone shed some light on what the differences are between them?

 

Thanks

0 Likes
Reply
2 Replies
RSAAdmin
Beginner
Beginner
‎2011-01-20 08:13 AM

The Windows device classification, unlike other event sources, is dependent upon the method used to transport the events to enVision. Windows Agentless collection (where enVision uses RPC calls to ge the event logs) is the most typical and is the "Windows Events (NIC)" type. Other methods include Snare "winevent_snare," Adiscon Event Reporter (winevent_er), and the new WinRM-based Windows Event Collection service (type I've forgotten at the moment).

 

More information is available in the Windows device configuration guide available on RSA's support site, SCOL.

 

David

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2011-01-20 07:21 PM

Thanks David.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.