Overview:

...

What Is the Windows Event Collector?

The Windows Event Collector service manages continuous event subscriptions sourced from remote locations that support the Web Services-Management (WS-Management) protocol. This includes event sources that use the Intelligent Platform Management Interface (IPMI), hardware, and event logs. The Windows Event Collector stores the forwarded events in a local event log. If the service is disabled or stopped, it can no longer create event subscriptions, and forwarded events cannot be accepted.

Event collection enables administrators to retrieve events from a remote device and store them in a single, centralized location. Events are stored in the collector computer's local event logs; the destination log for each event is a key subscription property. Event data is saved to the collector's event log, and any additional information related to the forwarding itself is added directly to the relevant event.

The Windows Event Collector service comes preinstalled but is set to manual startup by default. In its default configuration it runs under the NetworkService account. The service depends on two system components: the Windows Event Log service and HTTP.
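The following PowerShell script is an added example, not part of the original page or of Seceon's documentation. It checks, on a collector host, each of the prerequisites named above: that the Wecsvc service is running (and enables it with the documented `wecutil qc` quick-configuration if it is not), that the Windows Event Log and WinRM (HTTP) dependencies are up, that the service runs as NetworkService, and which subscriptions are configured and whether they are healthy. It assumes an elevated PowerShell session on the collector and the default destination log name `ForwardedEvents`.

```powershell
# Added example (not from the original page): verify Windows Event Collector
# prerequisites on the collector host. Assumes an elevated session; the log
# name 'ForwardedEvents' is the default destination log for subscriptions.

# 1. The collector service (Wecsvc) is installed but set to manual start by default.
$svc = Get-Service -Name Wecsvc
"{0}: Status={1} StartType={2}" -f $svc.DisplayName, $svc.Status, $svc.StartType

# Start it and set delayed-automatic startup so it survives reboots.
if ($svc.Status -ne 'Running') {
    # 'wecutil qc' enables the service and sets it to delayed-auto start; /q skips the prompt.
    wecutil qc /q
    $svc = Get-Service -Name Wecsvc
    "After quick-config: Status={0} StartType={1}" -f $svc.Status, $svc.StartType
}

# 2. The service depends on the Windows Event Log service and on HTTP (the WinRM listener).
Get-Service -Name EventLog, WinRM | Select-Object Name, Status, StartType
winrm enumerate winrm/config/listener

# 3. Confirm the service account: WEC runs as NetworkService by default.
$account = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Wecsvc'").StartName
"Wecsvc runs as: $account"

# 4. List configured subscriptions and the runtime status of each.
#    Source-side errors (access denied, unreachable host) show up here, not in the event log.
$subs = wecutil es
foreach ($s in $subs) {
    "--- subscription: $s ---"
    wecutil gr $s
}

# 5. Show the newest forwarded events in the destination log as a final sanity check.
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName, Id, ProviderName
```

If step 4 lists no subscriptions, nothing will ever be written to `ForwardedEvents` regardless of the service state; if a subscription shows sources in an error state, fix the source-side WinRM or permission problem before looking at the collector's own logs.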

Seceon provides the steps to integrate event collection on the Windows collector computer with Seceon SIEM, giving you comprehensive visibility and proactive threat detection in your environment. Logs are transferred from your firewall to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine). This document will guide you through the steps for log and NetFlow forwarding.

...