Hi Mac,
The limit is a little higher than 20 EPS -> 100 EPS / Windows host.
Unless you have a very small enterprise, you won't have enough capacity for an AD server. These beasts are quite verbose.
Anyways, if you want to have a look at MSRPC,
IBM support has published some info on this webpage:
https://www-01.ibm.com/support/docview.wss?uid=swg21700170
You will find the procedure for the detailed configuration in this document:
ftp://ftp.software.ibm.com/software/security/products/qradar/documents/iTeam_addendum/b_dsm_guide.pdf
Look for "Microsoft Security Event Log over MSRPC Protocol"
Good Luck!
------------------------------
Anthony Gayadeen
Analyst
Videotron
QC
------------------------------
Original Message:
Sent: Fri April 19, 2019 12:35 AM
From: MAC Strater
Subject: Ingest log from AD
Hi
I need to ingest logs from AD without an agent installed. Is it impossible?
------------------------------
MAC Strater
------------------------------