Campaign: Feature Requests

LI Agent to collect Microsoft Event Viewer in XML format

Microsoft (until recently) has not natively supported syslog. Event Viewer's native format is XML. While the LI agent can collect Event Viewer logs, it formats them in a proprietary way. It would be ideal to collect in a standard format so that when forwarding such events to a third-party syslog destination (e.g. a SIEM) the third party could properly parse them (without a custom parser). XML is that standard for Microsoft.

Submitted by

Type : New Feature

Voting

1 vote
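As an added example (not part of the request above and not the LI agent's own code), the following PowerShell reads events with Get-WinEvent, keeps Event Viewer's native XML (EventRecord.ToXml()) as the message body, and forwards each event as an RFC 5424 syslog message over UDP. The collector address and port, the facility value and the Event ID filter (4625, failed logon) are assumptions for the example.

```powershell
# Added example, not part of the original request or the LI agent: read events
# with Get-WinEvent, keep Event Viewer's native XML (EventRecord.ToXml()) as the
# message body, and forward each one as an RFC 5424 syslog message over UDP.
# Collector address, port, facility and the Event ID filter are assumptions.
$SyslogHost = 'siem.example.internal'   # assumed collector
$SyslogPort = 514

function ConvertTo-SyslogMessage {
    param(
        [Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Record,
        [int]$Facility = 13   # RFC 5424 facility 13 = log audit
    )
    # Windows event level -> syslog severity (RFC 5424 Table 2). Security audit
    # events carry level 0, and Level can be null, so cast first and default to notice.
    $severity = switch ([int]($Record.Level)) {
        1 { 2 }          # Critical
        2 { 3 }          # Error
        3 { 4 }          # Warning
        default { 5 }    # Informational / audit success / audit failure
    }
    $pri = ($Facility * 8) + $severity
    # RFC 5424 timestamp in UTC; '-' is the NILVALUE if the record carries no time
    $ts = if ($Record.TimeCreated) { $Record.TimeCreated.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ') } else { '-' }
    $hostName = [System.Net.Dns]::GetHostName()
    # ToXml() returns the same <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    # document Event Viewer shows on its XML tab, so the SIEM can use its standard
    # Windows-event parser instead of one written for a proprietary layout.
    $xml = $Record.ToXml()
    # HEADER: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then no STRUCTURED-DATA ('-'), then MSG
    return "<$pri>1 $ts $hostName WinEvent - $($Record.Id) - $xml"
}

# Forward the most recent failed logons (Security Event ID 4625); reading the
# Security log needs an elevated session.
$udp = New-Object System.Net.Sockets.UdpClient
$udp.Connect($SyslogHost, $SyslogPort)
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 20 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $bytes = [System.Text.Encoding]::UTF8.GetBytes((ConvertTo-SyslogMessage -Record $_))
            [void]$udp.Send($bytes, $bytes.Length)
        }
}
finally {
    $udp.Close()
}
```

One caveat a practitioner will hit immediately: a full Windows event XML is often several kilobytes, while RFC 5424 only obliges a receiver to accept 480 octets (2048 recommended), so a UDP transport will truncate or drop large events. For production forwarding use TCP (RFC 6587 octet counting) or TLS (RFC 5425) so the XML arrives intact.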

Campaign: Content Packs

Windows Firewall Advanced Content Pack

Extract more details from the Windows Firewall file log

(ContentPack is attached)


- Blocked Connections by Source IP

- Blocked Connections by Destination IP

- Blocked Connections by Source Port

- Blocked Connections by Destination Port

- Blocked Connections by Protocol

- Blocked Connections by Hostname

- Disabled / Enabled Firewall

Submitted by

Type : Content Pack

Voting

8 votes
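The attached content pack is not on this page, so as an added example (not the content pack itself) here is a PowerShell parser for the Windows Firewall file log (pfirewall.log) that reads the column names from the log's own #Fields header and then produces the blocked-connection breakdowns the pack lists: by source IP, destination IP, source port, destination port, protocol and host. The file log carries no hostname, so the host is tagged at collection time. The log lines below are constructed for the example, not a real capture.

```powershell
# Added example, not the attached content pack: parse a Windows Firewall file log
# using its own #Fields header, then summarise DROP entries by the dimensions the
# content pack lists. The sample log below is constructed.
function Import-WindowsFirewallLog {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [string]$Hostname = $env:COMPUTERNAME   # the file log itself has no host column
    )
    $fields = $null
    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        if ($line -like '#Fields:*') {
            # The header names the columns; trust it instead of hard-coding positions.
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($line.StartsWith('#')) { continue }    # #Version, #Software, #Time Format
        if (-not $fields) { throw 'Firewall log has no #Fields header before its data lines' }
        $values = $line -split '\s+'
        if ($values.Count -ne $fields.Count) { Write-Warning "Skipping malformed line: $line"; continue }
        $obj = [ordered]@{ hostname = $Hostname }
        for ($i = 0; $i -lt $fields.Count; $i++) { $obj[$fields[$i]] = $values[$i] }
        [pscustomobject]$obj
    }
}

function Get-BlockedConnectionSummary {
    param([Parameter(Mandatory)][object[]]$Entries)
    $blocked = $Entries | Where-Object action -eq 'DROP'
    $report = [ordered]@{}
    # One count table per dimension from the content pack's list
    foreach ($key in 'src-ip', 'dst-ip', 'src-port', 'dst-port', 'protocol', 'hostname') {
        $report[$key] = $blocked | Group-Object $key | Sort-Object Count -Descending |
            Select-Object @{ n = $key; e = { $_.Name } }, Count
    }
    return $report
}

# Constructed sample in the layout Windows writes (RFC 5737 test addresses)
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 09:00:01 DROP TCP 203.0.113.7 10.0.0.5 51234 445 52 S 3184220 0 8192 - - - RECEIVE
2024-01-15 09:00:02 DROP TCP 203.0.113.7 10.0.0.5 51235 3389 52 S 3184221 0 8192 - - - RECEIVE
2024-01-15 09:00:03 ALLOW UDP 10.0.0.5 10.0.0.1 60001 53 0 - - - - - - - SEND
2024-01-15 09:00:04 DROP ICMP 198.51.100.9 10.0.0.5 - - 60 - - - - 8 0 - RECEIVE
'@ -split "`r?`n"

$entries = Import-WindowsFirewallLog -Lines $sample -Hostname 'WS01'
$summary = Get-BlockedConnectionSummary -Entries $entries
$summary['src-ip']
$summary['dst-port']
```

Two checks before relying on any of these counts: the file log only records drops when the profile has blocked-connection logging turned on (Get-NetFirewallProfile shows LogBlocked and LogFileName per profile), and the enabled/disabled state in the pack's last item does not appear in the file log at all; Get-NetFirewallProfile's Enabled property, or the firewall's own event log, is where that comes from.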

Campaign: Feature Requests

Log Insight to properly handle Microsoft DNS debug text log

Within our environment, our security team would like to enable a subset of the DNS debug log and use Log Insight to ingest it. This would allow us to capture requests to our internal space incorrectly leaving for internet resolvers, for instance. And that works well. By enabling Log Insight we would be able to keep the text debug log itself small. However, this type of 'debug' log does not roll over to a newly named file ...

Submitted by

Type : New Feature

Voting

2 votes
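As an added example (not from the request above, and not Log Insight code), the PowerShell below does two things the post describes: it enables only the query-packet subset of DNS debug logging with Set-DnsServerDiagnostics, and it parses debug-log lines to find the case the security team is after, a query for an internal name that the server sent to an address outside the approved forwarder list. The internal suffix, forwarder addresses, log path and the log lines are constructed for the example; the field layout the regex expects (date, time, thread id, PACKET, packet id, UDP/TCP, Snd/Rcv, remote IP, xid, optional R, opcode, [flags], qtype, length-prefixed name) is the standard Microsoft DNS debug-log line.

```powershell
# Added example, not from the original request: enable only query logging, then
# scan the debug log for internal-zone queries sent to non-approved resolvers.
# Zone name, forwarder list, path and the sample lines are constructed.

function Enable-DnsQueryDebugLog {
    param([string]$Path = 'C:\DnsLogs\dns.log')   # assumed path; the folder must exist
    # Queries in both directions only; updates and notifications stay off to keep
    # the file small. Runs on the DNS server and needs the DnsServer module.
    # MaxMBFileSize is taken in bytes despite its name (the default Get-DnsServerDiagnostics reports is 500000000).
    Set-DnsServerDiagnostics -Queries $true -ReceivePackets $true -SendPackets $true `
        -UdpPackets $true -TcpPackets $true -LogFilePath $Path -MaxMBFileSize 50000000
}

function ConvertFrom-DnsDebugLine {
    param([Parameter(Mandatory)][string]$Line)
    # date time thread-id PACKET packet-id UDP|TCP Snd|Rcv remote-ip xid [R] opcode [flags] qtype name
    $pattern = '^(?<date>\S+)\s+(?<time>\S+(?:\s+[AP]M)?)\s+(?<thread>[0-9A-F]+)\s+PACKET\s+(?<pkt>[0-9A-F]+)\s+' +
               '(?<proto>UDP|TCP)\s+(?<dir>Snd|Rcv)\s+(?<remote>\S+)\s+(?<xid>[0-9a-fA-F]+)\s+' +
               '(?:(?<resp>R)\s+)?(?<op>\S)\s+\[(?<flags>[^\]]*)\]\s+(?<qtype>\S+)\s+(?<name>\S+)'
    if ($Line -notmatch $pattern) { return $null }   # non-packet lines (headers, blank lines)
    [pscustomobject]@{
        Direction  = $Matches['dir']
        Remote     = $Matches['remote']
        IsResponse = [bool]$Matches['resp']
        QType      = $Matches['qtype']
        # (4)host(4)corp(7)example(3)com(0) -> host.corp.example.com
        Name       = ($Matches['name'] -replace '\(\d+\)', '.').Trim('.')
    }
}

function Find-LeakedInternalQuery {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][string]$InternalSuffix,
        [Parameter(Mandatory)][string[]]$ApprovedForwarders
    )
    foreach ($line in $Lines) {
        $p = ConvertFrom-DnsDebugLine -Line $line
        # Only queries the server itself sent out are interesting; client queries (Rcv) and responses are not
        if (-not $p -or $p.IsResponse -or $p.Direction -ne 'Snd') { continue }
        $isInternal = ($p.Name -eq $InternalSuffix) -or
                      $p.Name.EndsWith(".$InternalSuffix", [System.StringComparison]::OrdinalIgnoreCase)
        if ($isInternal -and ($ApprovedForwarders -notcontains $p.Remote)) { $p }
    }
}

# Constructed sample lines (not a real capture): a client query, the same query
# forwarded to an approved forwarder, an internal name sent to an outside resolver,
# an external name sent outside, and a response back to the client.
$sample = @(
    '1/15/2024 9:00:01 AM 0B18 PACKET  000001A2B3C4D5E0 UDP Rcv 10.0.0.50       4f2a   Q [0001   D   NOERROR] A      (4)host(4)corp(7)example(3)com(0)',
    '1/15/2024 9:00:01 AM 0B18 PACKET  000001A2B3C4D5E0 UDP Snd 10.0.0.1        4f2a   Q [0001   D   NOERROR] A      (4)host(4)corp(7)example(3)com(0)',
    '1/15/2024 9:00:02 AM 0B18 PACKET  000001A2B3C4D5F0 UDP Snd 203.0.113.53    7c01   Q [0001   D   NOERROR] A      (3)git(4)corp(7)example(3)com(0)',
    '1/15/2024 9:00:02 AM 0B18 PACKET  000001A2B3C4D600 UDP Snd 203.0.113.53    7c02   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)',
    '1/15/2024 9:00:02 AM 0B18 PACKET  000001A2B3C4D5F0 UDP Snd 10.0.0.50       4f2a R Q [8081   DR  NOERROR] A      (4)host(4)corp(7)example(3)com(0)'
)
Find-LeakedInternalQuery -Lines $sample -InternalSuffix 'corp.example.com' -ApprovedForwarders '10.0.0.1', '10.0.0.2'
```

The filter deliberately keys on three things at once: direction Snd (the server acting as a client), a query rather than a response, and a remote address outside the approved list. Dropping any one of them produces noise, since every client lookup appears as a Rcv line and every legitimate forward to 10.0.0.1 is also a Snd for an internal name. Set-DnsServerDiagnostics on current Windows Server versions also exposes an EnableLogFileRollover switch; whether it yields the newly named file the request asks for is worth testing on the version in use rather than assumed.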