Windows Log Insight
Overview
Microsoft Windows is a popular operating system developed by Microsoft since 1985.
It's available in three variants:
- Windows for desktop/laptop computers, tablets and smartphones
- Windows Server for servers
- Windows PE as a lightweight version.
Event Categories
The following table lists the data sources offered by this integration.
Data Source | Description |
---|---|
Access tokens | Security identifiers are extracted from several events |
Authentication logs | Audit logon events are examined in detail |
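As an added illustration of the two data sources above (not code from the Log Insight integration or from SEKOIA.IO), the following Python script extracts security identifiers from forwarded Windows Security events and classifies logon audit events. The sample lines, their key=value layout and the `Security:` marker are constructed here for the example; a real agent's forwarding format is an assumption and will differ. The Event IDs 4624 (successful logon) and 4625 (failed logon) and the logon types 2, 3 and 10 are standard Windows values.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines: Windows Security events as a syslog agent might
# forward them. The layout is an assumption for this example only.
SAMPLE_LINES = [
    "<13>Jan 10 09:12:01 WKS01 Security: EventID=4624 LogonType=2 "
    "TargetUserName=alice TargetUserSid=S-1-5-21-1111111111-2222222222-3333333333-1001 IpAddress=-",
    "<13>Jan 10 09:12:07 WKS01 Security: EventID=4625 LogonType=3 "
    "TargetUserName=admin TargetUserSid=S-1-0-0 IpAddress=10.0.0.55",
    "<13>Jan 10 09:12:09 WKS01 Security: EventID=4625 LogonType=3 "
    "TargetUserName=admin TargetUserSid=S-1-0-0 IpAddress=10.0.0.55",
    "<13>Jan 10 09:13:40 SRV02 Security: EventID=4672 "
    "SubjectUserSid=S-1-5-18 SubjectUserName=SYSTEM",
    "<13>Jan 10 09:14:02 SRV02 Security: EventID=4624 LogonType=10 "
    "TargetUserName=bob TargetUserSid=S-1-5-21-1111111111-2222222222-3333333333-1002 IpAddress=10.0.0.77",
]

# A Windows SID always starts with S-1- followed by an authority and one or more sub-authorities.
SID_RE = re.compile(r"\bS-1-\d+(?:-\d+)+\b")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Standard Windows audit values: 4624 = successful logon, 4625 = failed logon.
LOGON_EVENT_IDS = {"4624": "success", "4625": "failure"}
LOGON_TYPES = {"2": "interactive", "3": "network", "10": "remote_interactive"}


@dataclass
class LogonEvent:
    host: str
    outcome: str
    logon_type: str
    user: str
    sid: str
    source_ip: str


def parse_fields(line):
    """Return the key=value pairs that follow the 'Security:' marker as a dict."""
    _, _, body = line.partition("Security:")
    return dict(KV_RE.findall(body))


def extract_sids(lines):
    """Count every security identifier found anywhere in the lines (access-token data source)."""
    found = Counter()
    for line in lines:
        found.update(SID_RE.findall(line))
    return found


def parse_logon_events(lines):
    """Keep only logon audit events and normalise their fields (authentication-log data source)."""
    events = []
    for line in lines:
        fields = parse_fields(line)
        outcome = LOGON_EVENT_IDS.get(fields.get("EventID"))
        if outcome is None:
            continue  # not a logon event (e.g. 4672 special privileges assigned)
        host = line.split()[3]  # hostname position in the constructed syslog layout
        events.append(LogonEvent(
            host=host,
            outcome=outcome,
            logon_type=LOGON_TYPES.get(fields.get("LogonType", ""), "other"),
            user=fields.get("TargetUserName", "?"),
            sid=fields.get("TargetUserSid", "?"),
            source_ip=fields.get("IpAddress", "-"),
        ))
    return events


def failed_logons_by_source(events):
    """Count failures per (source IP, user); repeated failures from one source are worth reviewing."""
    return Counter((e.source_ip, e.user) for e in events if e.outcome == "failure")


if __name__ == "__main__":
    for sid, n in extract_sids(SAMPLE_LINES).items():
        print(f"SID {sid} seen {n} time(s)")
    logons = parse_logon_events(SAMPLE_LINES)
    for e in logons:
        print(e)
    print("failed logons by (source, user):", dict(failed_logons_by_source(logons)))
```

The SID regex deliberately matches both well-known short SIDs (`S-1-5-18`, the local SYSTEM account) and full domain SIDs, because a collector that only looked for the domain pattern would miss the service-account activity that the access-token data source is meant to capture.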
Configure
As of now, the main solution to collect Windows logs with Log Insight leverages the Rsyslog recipe. Please share your experiences with other recipes by editing this documentation.
Rsyslog
Refer to the Linux documentation to forward Windows events to your rsyslog server, then consult the Rsyslog Transport documentation to forward these logs from that server to SEKOIA.IO.