ArcSight’s WUC and WiNC with Native Windows Event Collection: How to Get Events into ArcSight Without the Pain

Webinar Registration

[Special note to ArcSight users already using WEC – we’d like to hear from you before the webinar – just reply to this email]

ArcSight can consume Windows forwarded events log using either their Windows Unified Connector or their newer Windows Native Connector. In this webinar I’ll discuss your options and the pros and cons of WUC and WiNC – particularly with regard to integration with Windows built-in Windows Event Collection capability which frees you from the burden of installing agents or remotely reaching into system to collect events with all the associated security, management and scalability problems.

Difference between WUC and WiNC – especially with regard to Windows Event Collection

The Native connector (WiNC) is ArcSight's Windows Event Log collection SmartConnector. It uses native Microsoft technology and has broad capabilities, but can be installed only on Windows systems.
The Unified connector (WUC) is ArcSight's legacy Windows Event Log collection SmartConnector. It is a portable connector that can be installed on both Windows and Unix systems. This is achieved through a Java implementation of the Windows logging technology (JCIFS), which limits the connector to JCIFS technical capabilities.

We will get into nitty gritty details like:

Scalability
Pre-filtering
IPv6
SMB
Configuration
Custom event logs
OS support

I’ll also provide an overview of Windows Event Collection and how you can filter noise events at the source.

I’ll finish up by showing you how LOGbinder Supercharger automates and centralizes the management, implementation and monitoring of WEC. I'll show you both Free and Enterprise editions of Supercharger and how they help you to answer these questions:

How to manage multiple collectors?
Is WEC really working?

Which computers are failing to forward security logs?
Are we missing any computers?

Is my WEC collector overloaded?

Dropping events?
Unresponsive?
Approaching capacity?

How do I balance the load of many event sources between multiple collectors?
How do you optimize Windows for dedicated Windows Event Collection?

TCP connection lifecycle
Autologger buffer settings
WEC batching and latency

How do you create custom destination logs to avoid overloading ForwardedEvents

Please join us for this specific and in-depth real training for free session.

Required

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Job Title:	Required
Organization:	Required
How long have you been using native Windows Event Collection in production?:	RequiredRequired
How many Windows servers in your organization? :	RequiredRequired
How many Windows workstations in your organization?:	RequiredRequired
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.