Is there a doc showing how to monitor a Windows/AD system?

I see there are many different collectors available for different items in AD or Windows.

I see there is the Agent Manager for Windows Agents, but I cannot quite nail down what Agents can collect vs what a Collector can collect?

I am at a point where I do not yet know WHAT I want to collect, since I do not know what I CAN collect. So first, what is available to collect (from what format? agent or collector)? Then I can pick and choose the elements I need, I suppose.

Or start more simply:  How are the Agents different than Collectors, specifically in the context of Windows and Active Directory?


    SAM will essentially collect anything that's in the Windows Event logs (and possibly other logs as well).  You install an agent (managed or unmanaged), configure a policy telling the agent what to collect.  The agent then sends these events on to a "Central Computer", which then forwards to Sentinel itself.

    Sentinel Collectors tend to be agentless whereas SAM is an agent based solution.  Windows doesn't have a native syslog client so SAM was the solution to that.
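To answer the "what CAN I collect" part of the question, it helps to inventory what the Windows Event Log on a given host actually holds before writing an agent policy. The script below is an added example and is not part of the original thread, nor code from NetIQ/Sentinel or the Agent Manager; it only uses the built-in Get-WinEvent cmdlet. It assumes an elevated PowerShell session (reading the Security log requires it), that $ComputerName is the local machine or a reachable domain controller/member server, and that the short descriptions of the listed event IDs are accurate for the standard Windows Security log. Run it once on a member server and once on a DC: the DC will additionally show the "Directory Service" and "DNS Server" logs, which are the AD-specific sources a policy would typically include.

```powershell
# Added example (not from the original thread, not SAM/Sentinel code):
# inventory the event logs on a Windows host so you can decide what an
# agent policy should collect. Run in an elevated PowerShell session.

# 1. Which logs exist on this host and actually contain records?
#    On a domain controller expect 'Directory Service' and 'DNS Server'
#    alongside Security/System/Application.
function Get-PopulatedEventLogs {
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        Sort-Object RecordCount -Descending |
        Select-Object LogName, RecordCount, IsEnabled, LogMode, MaximumSizeInBytes
}

# 2. A starter set of Security log event IDs most SIEM policies collect.
#    Keys are the standard Windows Security event IDs; values are short
#    labels (assumption: these match the built-in event descriptions).
$sampleIds = @{
    4624 = 'Logon succeeded'
    4625 = 'Logon failed'
    4720 = 'User account created'
    4728 = 'Member added to security-enabled global group'
    4732 = 'Member added to security-enabled local group'
    4768 = 'Kerberos TGT requested'
    4771 = 'Kerberos pre-authentication failed'
}

# 3. Pull a few recent events per ID so you can see the fields an agent
#    would forward and judge the volume before enabling collection.
function Get-SampleSecurityEvents {
    param(
        [int]$MaxPerId = 5,
        [string]$ComputerName = $env:COMPUTERNAME   # assumption: local host or a reachable DC
    )
    foreach ($id in $sampleIds.Keys) {
        $filter = @{ LogName = 'Security'; Id = $id }
        Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                     -MaxEvents $MaxPerId -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id,
                          @{ n = 'Meaning'; e = { $sampleIds[$_.Id] } },
                          MachineName,
                          @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
    }
}

Get-PopulatedEventLogs | Format-Table -AutoSize
Get-SampleSecurityEvents | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

The first table tells you which logs are worth pointing an agent at (a log with zero records, or one that is disabled, adds nothing); the second shows the shape and rate of the events you would be forwarding through the Central Computer, which is usually what drives the "what to collect" decision more than the full list of what is possible.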
