Windows Desktops Log Collection – Methods Comparison

Posted on Updated on

Hi folks! I’m glad of receiving good feedback from you guys! The topic of this post was one recent request from our followers, asking about what the best way to send windows logs to QRadar is. As you can imagine, there’s no best solution, it depends on what kind of environment we have. So to reply this question as simple and short as possible, I created the following table comparing some log collection methods.

WindowsLogsComparison

To get more information about the Snare Agent, you can check out the vendor website. To get more information about the another two collection methods, you can check out our post about configuring log sources and the official documentation in this another post.

Do you have any question or suggestion? Let us know in the comments!

Advertisement

This entry was posted in Administration, Integrations and tagged , , , , , .

One thought on “Windows Desktops Log Collection – Methods Comparison

    Samuel Rossier said:
    August 13, 2015 at 3:27 am

    Great, helps me a lot! However, I found that Snare has much more features than WinCollect, as filtering and distributing different events to different SIEMs. Therefore, I would also use this one even for large environment. What are your thoughts?

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s