
Overview:

This document gives the steps to integrate event collection on your Windows collector computer with the Seceon SIEM, so that we have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your firewall to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine). This document guides you through the steps for forwarding logs and NetFlows.

...

Now create a new subscription.

>> On the collector computer, search for Event Viewer and run it as an administrator.

...

>> Click Subscriptions in the console tree on the left side.

...

>> Start the Windows Collector Service.

...

>> In the Actions pane on the right side, click Create Subscription.

...

>> In the Subscription Name box, type a name for the subscription.

>> In the Description box, enter an optional description.

...

>> In the Destination Log dropdown, select the log in which collected events are to be stored. Make sure that the collected events are stored in the "System" log.

...

>> Now click Select Computers to choose the computers from which events are to be collected.

>> After adding a computer, you can test connectivity between it and the local computer by selecting the computer and clicking Test.

...

>> Now click Add Domain Computers.

...

>> In the object name box, enter your computer names one at a time.

...


>> Now click Select Events.

...

>> Check all of the event levels: Critical, Warning, Verbose, Error, Information.

...

>> Open the Event level dropdown.

...

>> Select Windows Logs and tick the check box as shown below.

...



>> After that, open the Event logs dropdown and choose "Windows Logs" in the dropdown. Then, in the event logs tree, follow the path to Microsoft-Windows-DriverFrameworks and click OK:

1. Click on + next to Application & Services:

...

4. Check the box next to "DriverFrameworks-UserMode".


...

>> Then click on the Advanced tab.

...


>> Select "Specific User" and then click User and Password.

...


>> Enter the username and password of an account with admin privileges.

...


Click OK.

>> Click OK on the Subscription Properties dialog box. The subscription will be added to the Subscriptions pane.

To check the status:

Right-click the subscription name and select "Runtime Status". If the operation was successful, the status of the subscription will be Active.

The following link provides additional information: https://msdn.microsoft.com/en-us/library/cc722010.aspx
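The same collector-initiated subscription can be built from the command line instead of the Event Viewer wizard. The PowerShell script below is an added example and is not from the Seceon page; the source computer names and the collecting account are placeholders, and the subscription name "Seceon-Forwarding" is an assumption.

```powershell
# Added example, not from the Seceon page: build the same collector-initiated
# subscription with wecutil. Source host names and the account are placeholders.
$sources = @('SRC-PC01.corp.example', 'SRC-PC02.corp.example')   # assumed source computers
$cred    = Get-Credential -Message 'Account with admin rights on the source computers'

# Same as the "Start Windows Collector Service" prompt in Event Viewer.
wecutil qc /q

# One <EventSource> per computer, as the "Add Domain Computers" dialog does.
$eventSources = ($sources | ForEach-Object {
    "    <EventSource Enabled=`"true`"><Address>$_</Address></EventSource>" }) -join "`n"

# All five levels (Level 0-5) from the Windows logs plus the DriverFrameworks-UserMode
# channel; collected events land in the System log, as the page requires.
$xml = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Seceon-Forwarding</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Forward Windows events to the Seceon collector</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=0 or Level=1 or Level=2 or Level=3 or Level=4 or Level=5)]]</Select>
    <Select Path="System">*[System[(Level=0 or Level=1 or Level=2 or Level=3 or Level=4 or Level=5)]]</Select>
    <Select Path="Microsoft-Windows-DriverFrameworks-UserMode/Operational">*</Select>
  </Query>
</QueryList>]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>System</LogFile>
  <EventSources>
$eventSources
  </EventSources>
</Subscription>
"@
$path = Join-Path $env:TEMP 'seceon-subscription.xml'
Set-Content -Path $path -Value $xml -Encoding UTF8

# /cun and /cup supply the "Specific User" credentials used to poll the sources.
wecutil cs $path /cun:"$($cred.UserName)" /cup:"$($cred.GetNetworkCredential().Password)"

# Equivalent of right-click > Runtime Status: shows Active/Inactive per source.
wecutil gr Seceon-Forwarding
```

Run it in an elevated PowerShell session on the collector; `wecutil gr` should report each source as Active once the first poll succeeds.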

Now, the collector setup is done, please

...

3. The steps to enable audit logs are given in the article linked below:

Windows- Enable Audit Logs/Policies