This was great, it pointed me in the right direction.
@chuck_henry 2 months ago
Will you publish the event filters you recommend somewhere?
@zikkthegreat 2 years ago
Is there a link for the follow-up video on implementing?
@golgothus 3 years ago
Absolutely loved this webcast! Plenty of useful information in regards to the benefits of WEF/WEC usage, especially in an environment where you have multiple SIEMs. Also, PowerShell was mentioned, definitely seems like wecutil will be worth looking into further for automation and scripting purposes!
@peterparker175 a year ago
Does anyone have a manual on how to set up a WEC cluster with 2 or 3 servers?
@chamkadar86 2 years ago
Can someone please make a video on how to configure WEC for a workgroup environment with a CA server?
@daledreher4107 2 years ago
Awesome video, very helpful! Justin has the same handwriting as me 😊
@avtraveller 2 years ago
I did a similar deployment in our environment, but WEC is a single point of failure. We tried the Windows built-in mechanism with 2 virtual servers configured as a cluster, but it didn't work. Any ideas how to mitigate this?
@simple-security 2 years ago
Summary: don't use WEC/WEF, stick to ARC/AMA agent for servers? And Log Analytics agent for workstations if needed (AMS not supported for workstations)? With advanced PowerShell auditing enabled in Group Policy? Plus EDR agent for advanced threat detections?
@BarryHarrellYouTube a year ago
Waste of time. The one guy on the right has a video on this subject and none of his links work. You think that if he teaches he would make sure his links work. But nope - wasted my time.