Thank you for continuing to put out great security information. Taking your SOC skills course and loving it!
@computerguy79 2 years ago
Gnarly timing. I'm actually working on implementing this in my environment this week and this webcast helped fill in many gaps, especially the pitfalls pieces. Thanks guys.
@tylercoan 2 years ago
Awesome stuff guys! Super informative and I can’t wait to get this going in my lab and hopefully get it going in production.
@safurniss 1 year ago
What about collecting logs from non-domain-joined servers... say, those in your DMZ?
@vincegremillion1533 2 years ago
Winlogbeats service on the WEC won't start; it seems to be looking for the CRT file that isn't there. I searched the text in the closed caption transcripts and found no mention of how to create a cert or not reference a cert in the WLB config.
@rajashekarmeegada2127 1 year ago
Can we use a VIP in front of multiple WECs in a large environment to be able to forward logs from a large number of workstations?
@BlackHillsInformationSecurity 1 year ago
That's really hard to say without more dialog. WinRM can handle using proxy servers and could probably be load balanced without breaking certificate chains. We have recommended for larger environments with multiple sites to use multiple Windows Event Forwarding policies, with each policy specifying different WECs and applied to different Active Directory OUs as appropriate for the environment. All that said... I'm like 99% sure you can specify more than 1 WEC in the WEF policy, so if you're talking about a large number of systems all at the same site and in the same OUs, maybe the easiest thing is to just specify multiple WECs on the policy - Nick Caswell
@matthewkerr3972 2 years ago
I am working through this right now, ran into some issues with the enablewinrm on DC. Is there a spot in the BHIS discord server where I can bounce questions off of others that are setting this up?
@matthewkerr3972 2 years ago
Never mind, I think I figured it out. I need to go through each Defcon. I thought you could stop at 4 to get this all done. You guys are heroes.