I'm a complete rookie at this and just setting this up on my home network. I'm running Windows 10 on a few PCs and have a dedicated PC with VirtualBoxes for QRADAR CE, Kali and Metasploitable.
I was hoping there might be some instructions for a simple home network setup and it looks like Jose Bravo has *almost* the perfect videos for me, but he's using Squid which I'm not familiar with. I'm thinking QRADAR would read logs from the Windows firewall or my Linksys mesh router, but to no avail so far.
When I add a DSM, I don't see anything for Microsoft Windows Defender in the list, although a Windows Defender ATP (what's that?) is mentioned in the b_dsm_guide.pdf but doesn't appear in the list of Log Source Types.
I've installed and used the QRadar Log Source Management app with no success. It looks like this app changed from the morning of 4/18 to the evening. The layout changed. I also got a notice that fixes were available for several DSMs and a protocol, but Fix Central didn't seem to be working for me.
If anyone knows of any papers or video to get Windows Log data flowing, I'd really appreciate it. In the meantime, I'll keep searching and trying things.
Thanks in advance,
John
------------------------------
John Tyson
------------------------------