You can use the Windows Event Collector (WEC) sensor app to collect and store Windows events from the computers in your network. When you use the WEC sensor app, the Windows Server machines function as the senders, and the WEC sensor app itself functions as the collector for the events. In most cases, however, AT&T Cybersecurity recommends using the Windows Agent or the NXLog plugin to monitor Windows event logs, because they offer better performance and functionality.
Installation of the WEC sensor app has these prerequisites:
- Windows Server 2008, 2012, or 2019.
- PowerShell 3.0 or newer.
- A USM Anywhere Sensor with a private, static IP address, deployed in the same network that forwards logs to the WEC sensor app.
USM Anywhere Sensors require TLS 1.2 for WEC. These are the accepted ciphers:
Installation and setup of the sensor requires:
- Microsoft Windows Event Collector Sensor App Setup.
- Windows Event Collector Sensor App Log Forwarding.
- Windows Event Collector Sysmon Installation.
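Before starting setup, you can check the prerequisites listed above on each Windows Server that will send events. The following script is an added example, not part of the AT&T Cybersecurity documentation. The function names are hypothetical, the registry path is the standard Windows SCHANNEL location for protocol overrides, and the handling of a missing override (TLS 1.2 treated as off by default on Server 2008-era systems) is an assumption to confirm against your patch level.

```powershell
# Added example: prerequisite check for a Windows Server acting as a WEC sender.
# Function names and the output shape are hypothetical, not product-defined.

function Get-SchannelTls12State {
    param([ValidateSet('Client', 'Server')][string]$Role = 'Client')

    # Standard SCHANNEL override location; absent means the OS default applies.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\$Role"
    if (-not (Test-Path -Path $key)) { return 'OSDefault' }

    $p = Get-ItemProperty -Path $key
    if ($null -eq $p.Enabled -and $null -eq $p.DisabledByDefault) { return 'OSDefault' }
    if ($null -ne $p.Enabled -and $p.Enabled -eq 0) { return 'Disabled' }
    if ($null -ne $p.DisabledByDefault -and $p.DisabledByDefault -ne 0) { return 'DisabledByDefault' }
    return 'Enabled'
}

function Test-WecSenderPrerequisite {
    # Get-WmiObject is used so the check still runs on hosts older than PowerShell 3.0.
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $tls = Get-SchannelTls12State -Role Client

    # Assumption: with no override present, Server 2008-era systems do not
    # negotiate TLS 1.2 by default, so they are flagged for manual review.
    $tlsReview = ($tls -eq 'Disabled') -or ($tls -eq 'DisabledByDefault') -or
                 ($tls -eq 'OSDefault' -and $os.Caption -match 'Server 2008')

    $result = New-Object PSObject -Property @{
        ComputerName    = $env:COMPUTERNAME
        OS              = $os.Caption
        OSListed        = [bool]($os.Caption -match 'Server (2008|2012|2019)')
        PSVersion       = $PSVersionTable.PSVersion.ToString()
        PSVersionOk     = ($PSVersionTable.PSVersion.Major -ge 3)
        Tls12Client     = $tls
        Tls12NeedsReview = [bool]$tlsReview
    }
    $result | Select-Object ComputerName, OS, OSListed, PSVersion, PSVersionOk,
                            Tls12Client, Tls12NeedsReview
}

Test-WecSenderPrerequisite | Format-List
```

A host is ready when `OSListed` and `PSVersionOk` are `True` and `Tls12NeedsReview` is `False`. The script only reads local state and changes nothing.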