Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Staff

Created on ‎10-10-2016 12:37 AM Edited on ‎04-06-2022 11:10 AM By Anonymous

Article Id 191752

Technical Note: [Accelops KB] Informational - How does AO receive Windows Events?

Description

Summary of Topic

AO can get events from Window Event Logs in one of two ways.

1) WMI:  AO will pull windows events with each WMI poll.  The default interval is 3 minutes.

2) Epilog:  Epilog by Snare can be installed on any windows device and configured to send the windows events "real time"

 

Additional information

The first method only pulls every 3 minutes by default.  The second method is close to real-time.  Instructions for setting up method 2 are in our User's Guide.

 

Version Application

All.



 

 

Labels:
340
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.