IBM Security QRadar


Which is the most simple way to collect events from Windows systems, IIS and Apache Tomcat servers?

  • 1.  Which is the most simple way to collect events from Windows systems, IIS and Apache Tomcat servers?

    Posted Thu October 31, 2019 03:54 AM
    Hello,

    I'm setting up the collection/forwarding of logs from several different sources, with details below:

    • Windows systems (Microsoft Security Event Log): From the IBM tutorial, it is apparent that MSRPC Log is the best method when it comes to agentless options
    • Microsoft IIS Server: Should I configure QRadar to connect to it by using the IIS protocol, or configure WinCollect to forward IIS events to QRadar? Another option is Winlogbeat from Elastic, for which I have an enterprise license
    • Apache Tomcat Server: I'm using Filebeat from Elastic, for which I have an enterprise license
    Look forward to receiving your support.