Hi QRadar Community!
Just stopping by with some exciting news! The IBM Security Team has just delivered our latest version of WinCollect: WinCollect 10! This initial release of WinCollect 10 is for Stand-Alone mode only, works on both QRadar and QRoC, and is applicable to all versions of QRadar. The software can be downloaded from Fix Central, and details and documentation can be found here:
WinCollect is a Syslog event forwarder that administrators can use to forward events from Windows logs to QRadar®. WinCollect can collect events from systems locally or be configured to remotely poll other Windows systems for events. These events are then ingested by QRadar and can be used for threat detection!
WinCollect 10 has some very exciting features and improvements, and we're excited to share them with our community. WinCollect 10 has significant performance improvements: each agent now has the capacity to ingest 10,000 EPS, which is 2X the capacity that was available in previous WinCollect releases. See example statistics below! More details here: https://www.ibm.com/docs/en/qsip/7.3.2?topic=overview-wincollect-10-performance-comparison.
Further, the WinCollect 10 installation process has been improved to reduce the configuration needed, and the installer is now lighter. WinCollect 10 has a new "Quick Install" function to streamline the deployment workflow.
New "Source Wizard":
WinCollect 10 has a new "Source Wizard" which provides a guided experience for adding WinCollect sources. The workflow of this wizard was designed similarly to that of the QRadar Log Source Management App in order to streamline workflows. More details can be found here: https://www.ibm.com/docs/en/qradar-common?topic=console-create-source-in-source-wizard
"Auto-tuning" is an exciting new feature of WinCollect 10 that allows the WinCollect agent to tune itself, meaning that customers no longer need to configure tuning profiles for their agents! This enhancement should make configuration much easier!
Updated "Agent Configuration File":
The Agent Configuration file, which is used to control the WinCollect agents, has been improved and updated to allow for easier modifications and changes to a WinCollect deployment.
Additionally, we have made significant improvements to the WinCollect UI! We have added a "Source Wizard" to add sources one at a time or in bulk! We've also added a log viewer for filtering and viewing WinCollect files.
Finally, to increase the supportability of WinCollect, we have added a WinCollect Restart Service to help with troubleshooting, and we have added a function to easily collect logs if they are needed as part of a support case!
Will you check it out? Let me know!
Wendy Willner, Product Manager - QRadar