1. Rich Content
The new Windows S-TAP Must Gather gathers many more logs and configuration files, not just from Windows S-TAP and GIM but also from other Guardium Agents for Windows such as File Activity Monitor (FAM), Guardium Agent Monitor (GAM), Configuration Auditing System (CAS), etc. It also gathers more information from the Windows registry and some other Windows repositories using Windows commands.
2. Easy to read
Legacy Windows S-TAP Must Gather output files such as tasks.txt, system.txt, reg.exe, etc. contain the output of a set of Windows commands, but they do not include the commands themselves. The new Windows S-TAP Must Gather writes each command followed by its output, so the must gather files are easier for engineers to read.
3. Traceable when diag.bat doesn't work
The new Windows S-TAP Must Gather provides diag.log, which reports details about the diag.bat script execution and its results. If there is any issue in running the script, we can look at the diag.log file to find the reason for the script failure.
Nothing has changed in the usage of the script. You can use it as you did before.
You can run the Windows S-TAP Must Gather script (diag.bat) from Windows Start Menu > IBM Windows S-TAP > Run Diagnostics. The script generates a zip file under the %WINSTAP%\Bin\zipTmp directory, where %WINSTAP% is the Windows S-TAP installed directory (the default is C:\Program Files\IBM\Windows S-TAP), and sends it to the collector.
Another way of running the script on the DB server is to open a Windows Command Prompt as Administrator and run %WINSTAP%\bin\diag.bat. The result will be the same.
You can also run Windows S-TAP Must Gather from the Guardium GUI.