Windows Event Forwarding

Windows Event Log Management Presentation

I recently gave a brief presentation to the Central Alabama ISSA Chapter on Windows Event Forwarding (WEF). I have a previous blog post with a number of resources for getting WEF up and going. The main point of this presentation was to point out the simplicity of WEF and to get people to consider what they are monitoring and whether it is actually detecting what matters.

Windows Event Forwarding/Collector Resources

Depending on your SIEM, you are going to have different requirements here. For some SIEMs, EPS is not an issue, only the number of devices. In that case, this will immediately reduce your licensing needs by allowing you to watch events from servers and/or workstations from a single device (or a few). You can forward all workstation events to a single device and then just monitor that device from…