0 Replies Latest reply on Aug 1, 2016 12:14 PM by moorej1

    Log collection Options for Windows -> WMI pulls, SIEM Collector v11 (MEF).

    moorej1

      After several attempts it appears that the SIEM Collector v11 works on some Windows OS and not others (reference SIEM Collector Release Notes).

       

      I am able to perform WMI Pulls from:

      Windows 2008 R2

      Windows 2012 std (needed Administrator, couldn't get the non-admin method to work) <--- HOLD ON I got it to work using domain name first such as DOMAIN\ServiceAccount

       

      Need to have the service account in the below groups:

      a)   Administrators group

      b)   Distributed COM Users group

      c)    Event Log Readers group.

       

       

       

      Able to use SIEM Collector v11 on:

      Windows 10

      Windows 7

       


       

      How to use a non-Admin account for WMI

      https://kc.mcafee.com/agent/index?page=content&id=KB74126&actp=null&viewlocale=en_US&showDraft=false&platinum_status=true&locale=en_US

       

      SIEM Collector for Windows Installation:

      https://kc.mcafee.com/agent/index?page=content&id=PD26554&actp=null&viewlocale=en_US&showDraft=false&platinum_status=tru…

       

      SIEM Collector Release Notes (which has supported OS):

      https://kc.mcafee.com/agent/index?page=content&id=PD26555&actp=null&viewlocale=en_US&showDraft=false&platinum_status=tru…
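
One way to check the setup described in the post before pointing a WMI data source at a host, as an added example that is not part of the original post and not McAfee's own tooling. `TARGET-HOST` and `DOMAIN\ServiceAccount` are placeholders, and the use of `Win32_NTLogEvent` as the test query is an assumption about what a WMI event log pull reads.

```powershell
# Added example: verify the service account's local group membership on the
# target, then confirm it can read the Security log over remote WMI.
param(
    [string]$ComputerName = 'TARGET-HOST',            # placeholder host name
    [string]$Account      = 'DOMAIN\ServiceAccount'   # DOMAIN\user form, as in the post
)

# The three local groups listed in the post.
$groups = 'Administrators', 'Distributed COM Users', 'Event Log Readers'

# The WinNT provider reports domain accounts as WinNT://DOMAIN/ServiceAccount.
$wanted = 'WinNT://' + ($Account -replace '\\', '/')

foreach ($g in $groups) {
    try {
        $group   = [ADSI]"WinNT://$ComputerName/$g,group"
        $members = @($group.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        }
        # Direct membership only: access granted through a nested domain
        # group is not detected by this comparison.
        $state = if ($members -contains $wanted) { 'member' } else { 'NOT a member' }
        Write-Output ("{0,-24} {1}" -f $g, $state)
    }
    catch {
        Write-Output ("{0,-24} could not be read: {1}" -f $g, $_.Exception.Message)
    }
}

# Remote WMI read test. Run this from another machine: Get-WmiObject rejects
# -Credential for connections to the local computer.
$cred = Get-Credential -Credential $Account
try {
    $event = Get-WmiObject -Class Win32_NTLogEvent -ComputerName $ComputerName `
                 -Credential $cred -Filter "Logfile='Security'" -ErrorAction Stop |
             Select-Object -First 1
    if ($event) {
        Write-Output "WMI read OK: EventCode $($event.EventCode) at $($event.TimeGenerated)"
    } else {
        Write-Output 'WMI query succeeded but returned no Security events'
    }
}
catch {
    # Access denied here usually points at DCOM or WMI namespace permissions.
    Write-Output "WMI read failed: $($_.Exception.Message)"
}
```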