This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Collecting Sysmon logs via WinRM

JayAlexander
Contributor
Contributor

‎2020-09-10 12:40 PM

Sysmon service is running and generating events that I see in Event Viewer. I've add the channel: Microsoft-Windows-Sysmon/Operational on the Log Collector. But I don't see Sysmon logs in Netwitness Investigate. I see logs from other channels. Is this a parser issue? Any help would be appreciated.

0 Likes
4 REPLIES 4

DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2020-09-10 01:14 PM

Jay

 

Do you see them at all from an unknown device type perspective? Are there any errors in the log collector winrm logs?

 

Dave

0 Likes

JayAlexander
Contributor
Contributor

‎2020-09-13 07:46 AM

No, I don't see sysmon logs under the unknown device type or anywhere else.

No winrm logs on the collector.

0 Likes

sravan.koneti
Respected Contributor Respected Contributor
Respected Contributor
In response to JayAlexander

‎2020-12-24 09:48 PM

HI Jay Alexander‌,

Please grant additional permissions to custom channel in windows server. This document https://community.rsa.com/docs/DOC-108785  has steps for security channel. 

0 Likes

ThanhPham-NCS
New Contributor
New Contributor
In response to JayAlexander

‎2023-04-12 09:58 PM

Hi @JayAlexander , Have you resolved the issue yet?  and could you please let me know the reason why? Thank you very much.

 

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.