Hi Amy,
We were going to develop a PowerShell script for this a year ago, but since WinCollect had important issues, we decided to install the Splunk agent and forward the logs from Splunk to QRadar instead.
This way the operations teams can have their logs in Splunk, and we can forward security logs to QRadar.
I know that WinCollect has a newer version (7.2.8 fix1) that seems more stable. We might reconsider installing the agent in a few months. If we do, we'll be back to comment here.
Good luck!
------------------------------
Anthony Gayadeen
------------------------------
Original Message:
Sent: 12-18-2018 12:07 PM
From: Amy Smith
Subject: Script to test Windows set up properly for WinCollect?
I have a customer who would like to use a script to test that their Windows machines are properly configured for WinCollect before setting it up via bulk load in the Log Sources on the Admin tab.
For example, they can go in using the service account to check if they can see logs on the target machine's remote event viewer. But they'd like to check that for the 100s of machines that they need to set up.
Has anyone here ever put together a script to test this out?
------------------------------
Amy Smith
Executive Cloud Security Architect
IBM
Alexandria, VA
+1 571 302 1016
------------------------------
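
A pre-check along the lines the original message asks about, as an added example that is not part of either message in this thread and is not IBM or WinCollect code: it attempts a remote event log read on each host with the service account and records which hosts and logs fail. The host names, log list and output path are constructed placeholders, and the script checks remote read access only, not anything else a WinCollect deployment may need.

```powershell
# Added example: bulk check that a service account can read event logs remotely.
param(
    # Constructed placeholder host names; replace with the machines to be bulk-loaded.
    [string[]]$Computers = @('host-a.example.test', 'host-b.example.test'),
    # Logs to probe (assumed selection; adjust to the logs you plan to collect).
    [string[]]$LogNames = @('Security', 'System', 'Application'),
    # Assumed output path for the per-host report.
    [string]$OutCsv = '.\remote-eventlog-precheck.csv'
)

# Prompt once for the service account that will be used for collection.
$cred = Get-Credential -Message 'Service account used to read remote event logs'

$results = foreach ($computer in $Computers) {
    foreach ($log in $LogNames) {
        $row = [ordered]@{
            Computer = $computer
            Log      = $log
            Readable = $false
            Detail   = ''
        }
        try {
            # Read only the newest event; enough to prove the account can open the log.
            $evt = Get-WinEvent -ComputerName $computer -Credential $cred `
                                -LogName $log -MaxEvents 1 -ErrorAction Stop
            $row.Readable = $true
            $row.Detail   = "newest event at $($evt.TimeCreated)"
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # The log opened but is empty: access works, there is just nothing to read.
                $row.Readable = $true
                $row.Detail   = 'log is empty'
            }
            else {
                # Access denied, host unreachable, log missing, etc.: keep the message.
                $row.Detail = $_.Exception.Message
            }
        }
        [pscustomobject]$row
    }
}

# Full report for the record, failures on screen for follow-up before the bulk load.
$results | Export-Csv -Path $OutCsv -NoTypeInformation
$results | Where-Object { -not $_.Readable } | Format-Table -AutoSize
```

Hosts that appear in the failure table can be fixed or left out of the bulk load file before the log sources are created.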