
Windows Events

Platform | Metrics | Logs | Traces
Windows

Prerequisites for Remote Configuration

Supported Versions:
  • Windows Vista or later
Minimum Setup Requirements:
  • User Permissions:
    • The user must be a member of the Event Log Readers group.
    • The user must have DCOM and WMI permissions for remote access.
  • Firewall Configuration:
    • Ensure the firewall rules allow the necessary ports: TCP 135, 445, and dynamic RPC ports (49152-65535).
  • Windows Firewall Exception:
    • Enable the "Remote Event Log Management" exception on the remote machine.
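A way to apply and verify the prerequisites above, as an added example that is not part of Bindplane's documentation. The function names, account name and host name are hypothetical, and the DCOM and WMI permissions are not covered here.

```powershell
# Added example. Function names, account and host values are placeholders.

# Run in an elevated session ON THE REMOTE MACHINE whose logs will be read.
function Enable-RemoteEventLogPrereqs {
    param([Parameter(Mandatory)][string]$Account)  # e.g. 'EXAMPLE\svc-eventlog'

    # Event Log Readers grants read access without local administrator rights.
    $members = Get-LocalGroupMember -Group 'Event Log Readers'
    if ($members.Name -notcontains $Account) {
        Add-LocalGroupMember -Group 'Event Log Readers' -Member $Account
    }
    # The built-in Windows Firewall exception named in the prerequisites.
    Enable-NetFirewallRule -DisplayGroup 'Remote Event Log Management'
    Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' |
        Select-Object DisplayName, Enabled, Profile
}

# Run ON THE COLLECTOR HOST, with the credentials planned for remote.username.
function Test-RemoteEventLogAccess {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][pscredential]$Credential,
        [string[]]$Channels = @('System', 'Application', 'Security')
    )
    # Fixed ports from the firewall requirement (dynamic RPC range not probed).
    foreach ($port in 135, 445) {
        $r = Test-NetConnection -ComputerName $Server -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Check = "TCP $port"; Passed = $r.TcpTestSucceeded; Detail = '' }
    }
    # Read one event per channel remotely; a failure reports the error text.
    foreach ($channel in $Channels) {
        $passed = $true; $detail = ''
        try {
            $null = Get-WinEvent -ComputerName $Server -Credential $Credential `
                -LogName $channel -MaxEvents 1 -ErrorAction Stop
        } catch {
            $passed = $false; $detail = $_.Exception.Message
        }
        [pscustomobject]@{ Check = "Read $channel"; Passed = $passed; Detail = $detail }
    }
}

# Usage (placeholder values):
#   Enable-RemoteEventLogPrereqs -Account 'EXAMPLE\svc-eventlog'
#   Test-RemoteEventLogAccess -Server 'winhost01.example.internal' -Credential (Get-Credential)
```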

Configuration Table

Windows Event Log Receiver
| Parameter | Type | Default | Description |
|---|---|---|---|
| system_event_input | bool | true | Enable the System event channel. |
| app_event_input | bool | true | Enable the Application event channel. |
| security_event_input | bool | true | Enable the Security event channel. |
| suppress_rendering_info | bool | false | When this is enabled, the source will not attempt to resolve rendering info. This can improve performance but comes at a cost of losing some details in the event log. |
| custom_channels | strings | | Custom channels to read events from. |

Remote Configuration Options
| Parameter | Type | Default | Description |
|---|---|---|---|
| remote.server | string | | The server to connect to for remote event logs. |
| remote.username | string | | The username to authenticate with the server. |
| remote.password | string | | The password to authenticate with the server. |
| remote.domain | string | | The domain of the server (optional). |