Hello,
I'm setting up the collection/forwarding of logs from several different sources, with details below:
- Windows systems (Microsoft Security Event Log): From the IBM tutorial, it is apparent that MSRPC Log is the best method when it comes to agentless options
- Microsoft IIS Server: Should I configure QRadar to connect to it by using the IIS protocol, or configure WinCollect to forward IIS events to QRadar? Another option is Winlogbeat from Elastic, for which I have an enterprise license
- Apache Tomcat Server: I'm using Filebeat from Elastic, for which I have an enterprise license
Look forward to receiving your support.