IBM QRadar
Hello. Do we have an alternative to enabling the Remote Registry service for WinCollect remote polling? Maybe there is a way to set some registry option in the system?
The Remote Registry service is required to understand the event format when WinCollect remotely polls for event data. The registry service allows WinCollect, through the Windows Event Log Remoting protocol (which is what WinCollect uses to remotely poll for data), to get the operating system and version information it needs to properly parse and understand the format of the events, as over time Windows has updated its event format for different Windows versions.
If you cannot use Remote Registry for security purposes, you might want to look into using Windows Event Forwarding (WEF). Microsoft has a pretty good monitoring and configuration guide here: https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection