Apart from WinRM, what are the other log collection methods? Is there any native agent that collects logs from a Windows box?
event reporter agent
WinRM either to RSA NetWitness or
WinRM to a Windows event collection server, then 1 WinRM connection to the RSA Log Collector
Thanks. Which is the best solution to go with, agent or WinRM?
Also, please share where we can download these agents.
Depends on how your environment is configured and if you have control over the master build or logon scripts to push agents out or configure WinRM via GPO.
The agents are 3rd party and not RSA provided. There is potentially another license to purchase for those (Snare used to be free in 4.x, but now I think in 5.x you need to pay a fee per agent).
Configuration guides are here:
RSA NetWitness Supported Event Sources
Look for 'microsoft windows'