paul.k
Level 10

Windows Endpoint event collection

Hi,

Does anyone use Intel ESM to collect Windows endpoint events (not server)?

If you do, how do you define the endpoints on the receiver?

Trying to define them all is insane and the number and IP addresses will change regularly.

The Hostname option using WMI is equally difficult.

I really don't want to deploy another agent if I don't have to.

Just about all of the competitors have an endpoint auto-discovery available; I don't see anything like this in ESM. Asset management does not help with endpoint data source addition.

Thank you,

Paul

0 Kudos
3 Replies
paul.k
Level 10

Re: Windows Endpoint event collection

Wow, so no one is collecting endpoint logs?

I guess I'll be the first.

0 Kudos
proxima
Level 10

Re: Windows Endpoint event collection

Hi,

The best way to achieve that will be to deploy the SIEM Collector (for example, through ePO) and the DHCP feature in ESM to collect data.

Regards

MK

0 Kudos
paul.k
Level 10

Re: Windows Endpoint event collection

Thanks,

I was thinking the same thing.

Was hoping for something a little more automated, but I guess beggars can't be choosers.

0 Kudos