Forum Discussion

Usama_Saleem
Brass Contributor
Aug 06, 2023

How to forward events from on-premises Windows machines that have no internet?

Hello,

One of my clients has multiple Windows machines that have no internet, but they want to forward Windows events to Sentinel for monitoring. Since these machines have no internet, we cannot install Arc on them (as per my understanding). Also, I found this article https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/forward-on-premises-windows-security-event-logs-to-microsoft/ba-p/3040784 which is somehow related to this scenario.

Will the above article help me to achieve this, or is there any other method available?

1 Reply

  • Hello,

    I believe this article is very well written; I believe it works.
    I found these videos that may also help you.

    Another solution may be to use third-party software; however, it can be more difficult to configure, like Logstash.

    https://www.youtube.com/watch?v=urRWkyzRI78
    https://www.youtube.com/watch?v=gUOl82434Ic
    https://charbelnemnom.com/windows-forwarded-events-and-microsoft-sentinel/?expand_article=1


    If you liked it, mark the answer with a like.
    If you thought this answer helped in any way, please mark it as best answer.
