Windows 10: Log Collection for SIEM Forwarding

I have Windows environment using Active Directory and I need to collect logs from all windows systems and share logs with SIEM. How can I collect logs from Windows systems?I have a working syslog server in production. Can I forward event from Windows to Syslog server?

:)

 

SIEM Integration With Microsoft Endpoint Configuration Manager

Is it possible to forward antivirus logs in Microsoft Endpoint Configuration Manager to a SIEM? If so, how is this done; via API or syslog?

 

How to integrate Microsoft DNS logs with SIEM

Hi Team,

I am an SIEM engineer and want to integrate Microsoft DNS logs with ArcSight ESM for security monitoring. Currently we are using flat file read (DNS logs are dumped in a flat file and we read logs from it using ArcSight connectors). But we are facing many
issues and the monitoring isn't continuous.

I need you help in getting logs from DNS server to SIEM. Is there any other method other than flat file read? Can we write DNS logs in event viewer and read from there? Or any other method you can help me out with?

Thanks in Advance.

Regards,

 

Windows Server 2012 R2 Core Logging & Intgegration in SIEM

Dear All,

In my environment, we have two servers which are running on MS Windows Server 2012 R2 Core without GUI, so only I can type the commands to do any configuration on them.

So now my concern here is that how I can integarte those two servers in one SIEM for logging. As on this machine one HyperV is running and I want to capture the logs of that.



What are the configuration steps which I need to perform on the server to get this done?

Can I capture the logs via Syslog method or is there any agent which needs to be installed or need to run any commands in Power Shell mode to get this done.

Pls add your suggestions and ideas on this, as this is very critical to fix in RSA SA as per the audit finding.

Regards,

Deepanshu Sood