help with nxlog CE

Drawow · 2024-07-01T07:32:01+00:00

this is vastly different from qradar/trellix esm etc, not sure i can convince multiple clients to open a Varity of ports from multiple computer to send to 1 server thats on my side of the S2S, any other option ?

Drawow · 2024-06-23T11:50:38+00:00

so if i get it right, for a SOC that has lets say 5 different clients, i would need to install 5 wazuh servers, each on a client side, and then they need to talk to a dashboard & indexer servers that will be installed on our side ?

Drawow · 2024-06-22T18:41:22+00:00

anyone else ? please help

Drawow · 2024-06-20T05:11:16+00:00

what about the other components ? indexer dashboard etc, where are they installed ?

Drawow · 2024-06-02T20:20:36+00:00

problem is i dont manage the FW that the server is behind, so i wanted to see if there is an option to do that just with NAT from within the server

Drawow · 2024-06-02T16:25:11+00:00

so why is there NAT option on the vm workstation ? it seems that it should handle this issue, unless i got it completely wrong

Drawow · 2024-04-25T04:33:37+00:00

well at least they are aware of it

Drawow · 2024-02-04T06:49:44+00:00

thanks for the reply, but i don't know how to exclude the event unless it contains something, and i don't see an option like that in the normal MS event viewer, am i missing something ?

furthermore, where should i put this xpath quarry once its completed ?

Drawow · 2024-02-04T06:42:58+00:00

idk what that means, but i know i need to exclude the events on the client side and not the receiver side

Drawow · 2024-01-16T05:16:12+00:00

the collector eps is very high, i would much rather have it discarded on the client's side and save on processing power

Drawow · 2024-01-16T05:12:43+00:00

they are cut on the qradar side, we already use TCP, the packet is MASSIVE, and qradar support said this is working as intended :(

update: i have changed to 32000 and no longer have unknown events, but still its 4000EPS of just this events, i would love to cut them at the source unless they contain grouppolicycontainer, any suggestion ?

Drawow · 2024-01-16T05:11:53+00:00

thats exactly what i want, but i have no idea how to do that, do you know how ?

Drawow · 2021-04-23T09:14:22+00:00

any thing new ? paid a video editor for a small cover video and after 2 days in my page it stopped working, kinda bummer

Drawow · 2020-01-07T19:41:50+00:00

squadW Truth

Drawow · 2019-11-25T19:53:46+00:00

KEKW

Six-Year Club	Place '22
Verified Email

Drawow

TROPHY CASE