Windows event logging is a key part of any cybersecurity strategy. It allows SOC to:
- Get better visibility into what’s happening on your systems.
- Detect unusual activity that might be a sign of a cybersecurity incident.
- Gather information for incident response and forensics.
SOC’s Windows event logging solution uses native Windows logging and forwarding functionality. This means you can avoid deploying third-party logging agents on the machines from which you’re collecting event logs. You collect event logs in one central place: one or more Windows Event Collection (WEC) servers. SOC collects these logs from there and analyses them.
How it works
- Windows Event Logging on a machine records the events that occur on that machine.
- Windows Event Forwarding sends these events on to the WEC server.
- The Winlogbeat agent on the WEC server sends the logs on to SOC, bypassing the AARNet log-collector appliances deployed on the local network.
- SOC uses LogScale and Exabeam to collect, analyse, and monitor the event logs.
Note: SOC’s servers will never initiate a connection to your WEC server.
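As an added illustration of steps 1 and 2 above (example configuration, not AARNet's or SOC's own), the following PowerShell creates a source-initiated subscription on the WEC server and points a source machine at it. The subscription name SOC-Security, the collector hostname wec.example.internal and the selected event IDs are assumptions.

```powershell
# --- Collector (WEC server): one-time setup and a source-initiated subscription ---
wecutil qc /q   # enables and starts the Windows Event Collector service

# Subscription name, hostnames and the selected event IDs are assumptions for this example.
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2004/06/10/Events/Subscription">
  <SubscriptionId>SOC-Security</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Forward selected Security events to the WEC server</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688 or EventID=4720)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- Default SDDL: any member of Domain Computers may forward to this subscription -->
  <AllowedSourceDomainComputers>O:NSG:BAD:P(A;;GA;;;DC)S:</AllowedSourceDomainComputers>
</Subscription>
"@
$subscription | Set-Content -Path "$env:TEMP\SOC-Security.xml" -Encoding ASCII
wecutil cs "$env:TEMP\SOC-Security.xml"

# --- Source machine: point Windows Event Forwarding at the collector ---
# In production this is set by GPO (Computer Configuration > Administrative Templates >
# Windows Components > Event Forwarding > Configure target Subscription Manager);
# the registry value below is what that policy writes.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $policy -Force | Out-Null
Set-ItemProperty -Path $policy -Name '1' `
    -Value 'Server=http://wec.example.internal:5985/wsman/SubscriptionManager/WEC,Refresh=60'
# WEF runs as NETWORK SERVICE, which cannot read the Security log by default.
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE'
gpupdate /force

# --- Checks on the collector: sources registered and events actually arriving ---
wecutil gr SOC-Security
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 |
    Select-Object TimeCreated, MachineName, Id, ProviderName
```

For step 3, Winlogbeat on the WEC server reads the ForwardedEvents channel (`winlogbeat.event_logs` entry `name: ForwardedEvents` with `forwarded: true`, so each event keeps the original source machine name rather than the collector's) and ships it outbound to SOC, consistent with the note that SOC never connects inbound to the WEC server.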