Non Domain Windows server integration steps
You can use either of these 02 options 'Microsoft WinRM Configuration and Troubleshooting' or 'Microsoft Windows using Adison Event Reporter or Intersect Alliance SNARE Event Source Configuration... '.
This link shows all other option for different vendors for log collection 'RSA NetWitness Platform Integrations Catalog'.
The Supported Windows versions for above 02 options are shown below :
Recommendation is to configure Windows Server/machines that you really want to collect & monitor the logs. Configure the Windows machines that don't offer much Security insights or Non critical may add up to your EPS & clutter your investigation, reporting & alerting.
One thing to note.. You must use “basic auth” when collecting from a non domain member. You can not use “negotiate”
Let me know if you run into any issues with the docs and I can give you a hand.