
Windows Event Logs

Realm Security integrates seamlessly with Windows Event Logs, enabling intelligent routing and analysis of security event logs.

Data Flow

Windows Endpoint → Windows Event Forwarder (WEF) → Windows Event Collector (WEC) server VM → Realm Data Collector (running on the same VM as the WEC) → Realm Cloud

Use Windows Event Forwarder to collect logs from all endpoints/servers to a Windows Event Collector Server (WEC). Install the Realm Data Collector on the WEC VM. The Realm Data Collector reads the logs from the Forwarded Events channel on that server.

Setup Windows Event Logs Source in Realm

  1. Log in to the Realm console.
  2. Go to Sources > Add > Windows Event Logs and add a new Source.

    Name: Windows Event Logs
    Description: Windows Event Logs

  3. If a collector is already set up, go to Collectors and select your collector. If not, add a new collector.
  4. Add a Windows Event Logs stream to the Collector. Click Add Stream.

    Product Format: Windows Event Logs
    Source: Windows Event Logs
    Polling Interval: Configure the poll interval of your choosing, or use the default of 5 seconds.
    Max Reads: Configure the maximum number of events to read per polling interval, or use the default of 100 events.

  5. Click Add Stream.

Prerequisites

  • Ensure you have administrative access to your Windows machine.
  • A Realm Collector is set up and running. See the Realm Collector install guide for setting up a collector.

Windows Event Forwarder

Follow this guide to configure Windows Event Forwarder: Setting up a Source-Initiated Subscription
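An added pre-flight check, not part of the Realm documentation, to run on the WEC VM before adding the Windows Event Logs stream: it confirms the collector service, the WEF subscriptions and the ForwardedEvents channel (the one the Realm Data Collector reads) are healthy, and compares the incoming event rate with what the stream's Polling Interval and Max Reads can drain. It assumes an elevated PowerShell session on the WEC VM; the 5 second and 100 event defaults are the values from the setup steps above.

```powershell
# Added example (not Realm's own code): sanity-check the WEC side of the pipeline.
# Assumes an elevated PowerShell session on the WEC VM.
param(
    [int]$PollingIntervalSeconds = 5,   # Realm stream default (Polling Interval)
    [int]$MaxReads = 100,               # Realm stream default (Max Reads)
    [int]$WindowMinutes = 10            # lookback window for the event-rate estimate
)

# 1. The Windows Event Collector service must be running for WEF subscriptions to work.
$wec = Get-Service -Name Wecsvc -ErrorAction Stop
if ($wec.Status -ne 'Running') {
    throw "Wecsvc is $($wec.Status); run 'wecutil qc' or Start-Service Wecsvc"
}

# 2. List the subscriptions and their runtime status (active sources, last error per source).
$subs = & wecutil es
if (-not $subs) { throw "No WEF subscriptions are defined on this collector" }
foreach ($s in $subs) {
    Write-Host "== Subscription: $s"
    & wecutil gr $s
}

# 3. The Realm Data Collector reads ForwardedEvents; confirm the channel exists and is enabled.
$log = Get-WinEvent -ListLog ForwardedEvents -ErrorAction Stop
if (-not $log.IsEnabled) { throw "ForwardedEvents channel is disabled" }
Write-Host ("ForwardedEvents: {0} records, {1:N0} bytes on disk" -f $log.RecordCount, $log.FileSize)

# 4. Estimate the incoming rate and compare it with what the stream can read per poll.
$since  = (Get-Date).AddMinutes(-$WindowMinutes)
$recent = Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; StartTime = $since } `
          -ErrorAction SilentlyContinue
$incomingPerSec = [double](@($recent).Count) / ($WindowMinutes * 60)
$drainPerSec    = [double]$MaxReads / $PollingIntervalSeconds
Write-Host ("Incoming: {0:N2} events/s; stream capacity: {1:N2} events/s (Max Reads {2} / {3}s)" -f `
    $incomingPerSec, $drainPerSec, $MaxReads, $PollingIntervalSeconds)
if ($incomingPerSec -gt $drainPerSec) {
    Write-Warning "The stream cannot keep up; raise Max Reads or shorten the Polling Interval"
}
```

The rate comparison is a steady-state estimate over the lookback window; bursts (for example a mass logon at the start of the day) can still exceed the per-poll read limit temporarily.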
