Forum Discussion
RVC
Feb 21, 2024 · Brass Contributor
Windows event logging to SIEM (Sentinel)
I am working in a landscape where several old systems are active. Yes, it's a concern that receives attention and is being addressed, but it's separate from this question. For the SOC we need Eve...
RVC
Feb 22, 2024 · Brass Contributor
Clive_Watson, thanks for your reply.
I heard concerns that the format of this content (the content collected via WEF/WEC) seems slightly different than when MMA or AMA is used. Is that correct? Even if the final step is using AMA to ingest the traffic into Sentinel?
That person stated that it may impact at the time we migrate to ARC/AMA for all the systems.
Clive_Watson
Feb 22, 2024 · Bronze Contributor
Given that you have 8 days, I'd look to use WEC for now. I don't have a demo system anymore, so I can't comment on the impact; perhaps others will know.
The WEF process is via AMA on the internet-connected server, so that (should) align the schema.
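The concern raised in this thread is whether events that travel legacy host → WEF/WEC → AMA → Sentinel look the same as events sent by AMA directly. The following KQL is an added example for checking that in the workspace; it is not from either poster and not Microsoft's own guidance. It assumes the events land in the `SecurityEvent` table (where the Windows Security events ingested by AMA go) and that you know which hosts forward through the collector; the host names in `WecForwardedHosts` are placeholders.

```kusto
// Added example (not part of the forum thread).
// Goal: compare events from hosts that reach Sentinel via WEF/WEC+AMA
// with events from hosts running AMA directly, so a schema or field
// difference is visible before migrating everything to Arc/AMA.
// Placeholder host names: replace with the machines behind your collector.
let WecForwardedHosts = dynamic(["LEGACY-SRV01", "LEGACY-SRV02"]);
SecurityEvent
| where TimeGenerated > ago(1d)
| extend IngestPath = iff(Computer in~ (WecForwardedHosts), "WEC->AMA", "AMA direct")
| summarize
    Events = count(),
    DistinctEventIDs = dcount(EventID),
    Hosts = dcount(Computer),
    // Fields commonly relied on in analytics rules; a jump in empty values
    // on one path is the kind of "slightly different format" to investigate.
    EmptyAccount = countif(isempty(Account)),
    EmptyActivity = countif(isempty(Activity))
    by IngestPath, Channel, EventSourceName
| order by IngestPath asc, Events desc
```

Run it once with a few forwarded hosts listed and compare the two `IngestPath` rows for the same `Channel`/`EventSourceName`: the same EventID population and similar empty-field counts indicate the collector path is landing in the same schema. For a column-level comparison, `SecurityEvent | getschema` lists the table's columns and types, which is the same regardless of path; what can differ is which columns are actually populated, which is what the `countif` columns above surface.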