IBM QRadar

Different WinCollect installations and which one to choose!!

Mon May 17, 2021 07:36 AM
Attachment(s)
docx file
QRadar Windows Integration Blog.docx   171 KB   1 version
Uploaded - Mon May 17, 2021

Comments

Tue July 20, 2021 11:52 AM

Shashank Soni, excellent white paper. Especially valuable for MSSPs and large on-prem installs. Some comments on the alternatives you listed.
3rd party Windows solutions: I see many customers fail as winlogs are converted to syslog 1st, then collected somewhere and finally forwarded to QRadar, not being able to detect log sources already merged into each other. Bad approach! WMI is too much overhead if you got > 20-50 winserver depending on how much iron you gonna throw at it. MS Azure is just fine if you follow the rules. MS O365 requires E5 level which many users don't have.