I want to transfer Windows logs to LogRhythm SIEM, but I can't use the LogRhythm agent because it uses port 445, which I don't want to open.
I want to use Microsoft Sysmon. How do I use it, which port will it use, and is it secure?
I'm looking for a secure way to send Windows logs to LogRhythm SIEM.
Sysmon is a system monitoring agent, not a log forwarding component.
So how do I send the logs collected by Sysmon to LogRhythm?
The optimal solution depends on why you won't give LogRhythm access to fetch the events over RPC. What are you trying to defend against?
It's in the organisation's policies. Is there a way to transfer Windows logs securely to LogRhythm without using port 445?
My own preference would be to use Windows' built-in event forwarding to centralize the events on a single box and then have LogRhythm collect them from that one box – then you only need a policy exception for 1 box instead of all of them 🙂
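The Windows Event Forwarding setup suggested in the comment above, as an added example (it is not code from the commenter or from LogRhythm). It creates a source-initiated subscription on a collector that pulls the Sysmon operational channel plus logon events from each workstation into the collector's ForwardedEvents log, which is then the single box the SIEM reads from. WEF rides on WinRM (TCP 5985 for HTTP with Kerberos message-level encryption, TCP 5986 for HTTPS), so port 445 is never involved. The collector name `wec01.example.internal` and the subscription name are placeholders.

```powershell
# ---------- On the collector (run as Administrator) ----------
# Enable the Windows Event Collector service and listener; /q answers the prompts.
wecutil qc /q

# Subscription definition. SourceInitiated means clients connect to the collector,
# so the collector needs no inbound exception on the clients at all.
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>SysmonAndLogons</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Sysmon operational channel plus interactive/network logons</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query>
    <![CDATA[
      <QueryList>
        <Query Id="0" Path="Microsoft-Windows-Sysmon/Operational">
          <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
        </Query>
        <Query Id="1" Path="Security">
          <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>
        </Query>
      </QueryList>
    ]]>
  </Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- SDDL: allow every Domain Computers member to forward; tighten to a specific
       group in production so only approved hosts can inject events. -->
  <AllowedSourceDomainComputers>O:NSG:BAD:P(A;;GA;;;DC)S:</AllowedSourceDomainComputers>
</Subscription>
'@

$xmlPath = Join-Path $env:TEMP 'SysmonAndLogons.xml'
Set-Content -Path $xmlPath -Value $subscription -Encoding UTF8
wecutil cs $xmlPath              # create the subscription
wecutil gr SysmonAndLogons       # runtime status: which sources are active/inactive

# ---------- On each source host (normally pushed by Group Policy) ----------
# 1. WinRM listener; WEF clients use it to reach the collector over 5985.
winrm quickconfig -q

# 2. Point the host at the collector. Same value as the GPO setting
#    Computer Configuration > Admin Templates > Windows Components >
#    Event Forwarding > Configure target Subscription Manager.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $policyKey -Force | Out-Null
New-ItemProperty -Path $policyKey -Name '1' -PropertyType String -Force `
    -Value 'Server=http://wec01.example.internal:5985/wsman/SubscriptionManager/WEC,Refresh=60' | Out-Null

# 3. The forwarder runs as NETWORK SERVICE, which cannot read the Security log by
#    default; membership in Event Log Readers grants the read without admin rights.
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE' -ErrorAction SilentlyContinue

# 4. Re-read policy so the host registers with the collector immediately.
gpupdate /force | Out-Null
Restart-Service WinRM
```

Once sources appear as active in `wecutil gr`, events arrive in the collector's ForwardedEvents log and the SIEM agent only ever needs to reach that one host. If the collector sits in a different trust boundary, switch `TransportName` to HTTPS, issue the collector a server certificate, and use port 5986 in the SubscriptionManager URL; the Kerberos-encrypted HTTP transport shown here is the usual choice inside a single domain.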