The WinC (Windows Native Connector) can collect specific *.evtx event logs using the **Custom Event Logs** feature. Here’s a step-by-step guide to configure this setting.
Environment
OS: Windows
Smart Connector version: 8.x
Situation…
On the SmartConnector General Documentation, the Technical Note on WinRM-related Issues (2019-07-31) has been replaced by SmartConnector Recommendations for Windows Event Log Collection (2019-09-19)…
ArcSight SmartConnectors can help you save money on licensing costs through normalized event filtering and aggregation to reduce your EPS. Video created by David Cygan, Sales Engineer, Presales, AMS
A series of - admittedly rather old - YouTube videos from our well-known ArcSight experts. Some of you may still find some value in watching some of them!
Data collection, enrichment and custom processing – YouTube videos
ArcSight SmartConnector…
This is helpful for customers that do not utilize the ESM and only have Connector Appliance or Connectors and do not know the syntax for filtering:
= - EQ "x"
!= - NE "x"
IS NULL - Is "NULL"
IS NOT NULL - Is "NOT NULL"
< - LT x x=numerical…