Upload files to "8 Tools/WEC"
BIN
8 Tools/WEC/WEC-WEF-Symon_Guide.odt
Normal file
Binary file not shown.
47
8 Tools/WEC/WEC_SOG.md
Normal file
@ -0,0 +1,47 @@
# WEC SOG
https://youtu.be/seuyYmgU95s?si=FKCfYHl25NTj4R1P
### CLIENT
open command prompt
```
winrm qc
y
```
computer > manage
local users and groups > groups
event log readers group
click on it
add
object type
unclick all, click computers
enter object name > (CLICK WHO YOU WANT AS THE COLLECTOR)
OK
OK
OK
CLOSE
### SERVER
start menu > event viewer
subscriptions
do you want windows event service to be running > yes
right click on subscriptions > create subscription
```
subscription name: Wec Collection
description: collecting logs from clients
CHECK source computer initiated
TEST
events to collect:
select events
event level: critical, warning, error
by log: application, security, system
OK
OK
```
Look at forwarded events to see what is going to your SERVER
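Review bot: The CLIENT steps and the SERVER subscription type do not match: the subscription is created with "CHECK source computer initiated", but the client section only runs `winrm qc` and adds the collector's computer account to the "event log readers group", which is the permission a collector-initiated (pull) subscription relies on. For a source-initiated subscription the clients have to be told where the collector is (the "Configure target Subscription Manager" Group Policy setting) and the subscription needs its allowed source computers or groups selected; neither step appears here, so either add them or change the instructions to collector initiated. Also, "event level: critical, warning, error" combined with "by log: application, security, system" will drop most Security log records, because audit success and audit failure events are written at the Information level; consider a separate Security filter by event ID or keyword. The bare "TEST" line after the subscription type should say what is being tested and what a passing result looks like.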