I want to transfer Windows logs to LogRhythm SIEM, but I can't use the LogRhythm agent because it uses port 445, which I don't want to open. I want to use Microsoft Sysmon. How do I use it, which port will it use, and is it secure?

I'm expecting a secure way to send Windows logs to LogRhythm SIEM.

asked Jan 31, 2024 at 10:57
  • Sysmon is a system monitoring agent, not a log forwarding component Commented Jan 31, 2024 at 11:04
  • So how do I send logs collected by Sysmon to LogRhythm? Commented Jan 31, 2024 at 11:14
  • Optimal solution depends on why you won't give LogRhythm access to fetch the events over RPC. What are you trying to defend against? Commented Jan 31, 2024 at 11:17
  • It's in the organisation's policies. Is there a way to transfer Windows logs securely to LogRhythm without using port 445? Commented Jan 31, 2024 at 12:07
  • My own preference would be to use Windows' built-in event forwarding to centralize the events on a single box and then have LogRhythm collect them from that one box - then you only need a policy exception for 1 box instead of all of them :) Commented Jan 31, 2024 at 14:21
