How to send windows logs to LogRhythm DP using Microsoft Sysmon?

I want to transfer Windows logs to the LogRhythm SIEM, but I can’t use the LogRhythm agent because it uses port 445, which I don’t want to open.
I want to use Microsoft Sysmon. How do I use it, which port does it use, and is it secure?

I’m expecting a secure way to send Windows logs to the LogRhythm SIEM.

  • Sysmon is a system monitoring agent, not a log forwarding component


  • So how do I send the logs collected by Sysmon to LogRhythm?

  • Optimal solution depends on why you won’t give LogRhythm access to fetch the events over RPC. What are you trying to defend against?

  • It’s in the organisation’s policies. Is there a way to transfer Windows logs securely to LogRhythm without using port 445?

  • My own preference would be to use Windows’ built-in event forwarding to centralize the events on a single box and then have LogRhythm collect them from that one box – then you only need a policy exception for 1 box instead of all of them 🙂

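The event-forwarding approach described in the comment above, as an added example that is not from the thread or from LogRhythm: a source-initiated Windows Event Forwarding (WEF) subscription, run from an elevated PowerShell prompt, that centralizes Sysmon and Security events on one collector over WinRM. The collector hostname, the subscription name and the three Security event IDs chosen are assumptions.

```powershell
# Added example (not from the thread): source-initiated WEF so Sysmon and Security
# events from every host land on ONE collector over WinRM (TCP 5985, payload encrypted
# by Kerberos; TCP 5986 if you add an HTTPS listener). Only the collector then needs a
# port-445 exception for LogRhythm. Assumed names: 'wec01.corp.example', 'SysmonToSiem'.

### 1. On the collector (elevated PowerShell) ###
winrm quickconfig -q   # WinRM listener + firewall rule
wecutil qc /q          # enable ForwardedEvents channel and the Windows Event Collector service
$sub = @'
<Subscription xmlns="http://schemas.microsoft.com/2004/02/EventCollectorConfiguration">
  <SubscriptionId>SysmonToSiem</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Microsoft-Windows-Sysmon/Operational">
        <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
      </Query>
      <Query Id="1" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- SDDL granting Domain Computers (DC) the right to push events -->
  <AllowedSourceDomainComputers>O:NSG:BAD:P(A;;GA;;;DC)S:</AllowedSourceDomainComputers>
</Subscription>
'@
Set-Content -Path .\SysmonToSiem.xml -Value $sub -Encoding UTF8
wecutil cs .\SysmonToSiem.xml   # register the subscription

### 2. On each source host (normally pushed by GPO; the registry form is shown) ###
winrm quickconfig -q            # WinRM client/listener on TCP 5985
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name '1' -Value 'Server=http://wec01.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60'
# The forwarder runs as NETWORK SERVICE, which cannot read the Security log by default
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE'
Restart-Service WinRM

### 3. Verify on the collector ###
wecutil gr SysmonToSiem         # per-source status and last heartbeat
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 | Format-Table TimeCreated, Id, MachineName
```

LogRhythm then only needs to read the collector's ForwardedEvents log; a source host that stops reporting can be troubleshot from its own Microsoft-Windows-Forwarding/Operational log.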
