Securing Windows End Points: Windows Logs, Sysmon and QRadar Webinar

 View Only

Securing Windows End Points: Windows Logs, Sysmon and QRadar Webinar 

Tue May 10, 2022 02:20 PM

Watch the On-Demand Webinar Today


• Brief White Board Introduction
• Rules Capabilities in the Endpoint Content Extension
• Bringing standard Windows and Sysmon Logs to QRadar with Win Collect
• Customer Experiences
• Question and Answers from our Panelists


None would argue that Windows systems can use all the protection we can give them. Not only they are under constant attacks, but also new vulnerabilities are discovered much too frequently.

Standard Windows logs have become better and QRadar has free rules that can detect many attacks. If you enhance those Windows logs with the free Sysmon from Microsoft, QRadar can do real wonders detecting sophisticated and obfuscated attacks.

To prove this, I have pulled two of the developers of those rules (Gladys Koskas and Mo) who are going to show concrete examples of that detection. Also I have lined up Wincollect developer (Josh Ryan) who is going to show how easy it is to set Wincollect to send only significant Sysmon logs to QRadar with minimal EPS impact. After that, we will have two engineers (Kevin and Stephen) from one QRadar customer sharing how these technologies have enable them to uncover bad guys while trying.

We will close the session with 15 minutes for you to ask questions to these distinguished professionals.


Jose Bravo
Security Architect, North America at IBM Security

Gladys Koskas
QRadar Content Development Lead at IBM Security

Mololuwa Josiah
Security Content Developer at IBM Security

Josh Ryan
Software Engineer at IBM Security

Kevin Wood
Director, CISO

Stephen Murphy
Associate Director, Cyber Security Operations


0 Favorited
1 Files


Wed May 11, 2022 08:39 AM

Does a managed Wincollect scale for over 10,000 computers? Can we use a managed Wincollect for a large number of clients. 
What is the limit on number of unmanaged Wincollect 10 per EP or Qradar collector?