Hello Dears,
As we know, DLC doesn't store any logs , only forward them to Qradar. If i need store logs on the client site, what i need ?
Scenario 1
1000 PCs - Windows machines. Installed WinCollect (with CA)
Logs from these machines forwarding to Disconnected Log Collector (which installed on client site).
Will communicate Wincollect with Disconnected Log Connector ? Are they support communicate ?
DLC forwarding logs from these 1000 Windows machines to Qradar for Correlation.
On Qradar site, we don't store any logs, only correlation. But Client need store events for a 90-180 days. Which solution you can advise ?
Will we need install DataStore Node on a client site, and after the correlation , transfer all logs to datastore (which will install on client site)
So, how i can store the event data on client site ? Will i need DataStore Node ?
Or, you can gave the best solution for this task.
Priority - All events need to be encrypted.
------------------------------
Ali Bayramov
------------------------------