    WinCollect Capabilities in

    WinCollect stand-alone deployments are available in IBM QRadar on Cloud, but managed deployments are not.

    If you need to collect Windows events from more than 500 hosts, use the stand-alone WinCollect deployment. A stand-alone deployment is a Windows host in unmanaged mode with WinCollect software installed. The Windows host can gather information from itself (the local host), from remote Windows hosts, or both. Remote hosts don't have the WinCollect software installed. The Windows host with WinCollect software installed polls the remote hosts and then sends event information to JSA. To save time when you configure more than 500 Windows hosts, you can use a solution such as Juniper Networks Endpoint Manager. Automation can help you manage stand-alone instances.

    Review the following table to understand which WinCollect capabilities are supported by IBM QRadar on Cloud.

    Table 1: WinCollect Capabilities in IBM QRadar on Cloud

    | Capability | JSA | IBM QRadar on Cloud |
    |---|---|---|
    | Central management from the JSA Console or managed host. | Yes | No |
    | Automatic local log source creation at the time of installation. | Yes | No |
    | Event storage to ensure that no events are dropped. | Yes | Yes |
    | Collects forwarded events from Microsoft Subscriptions. | Yes | Yes |
    | Filters events by using XPath queries or exclusion filters. | Yes | Yes |
    | Supports virtual machine installations. | Yes | Yes |
    | Console can send software updates to remote agents without you reinstalling agents in your network. | Yes | No |
    | Forwards events on a set schedule (Store and Forward). | Yes | No |
    | You can configure each agent by using the Configuration Console. | Yes | Yes |
    | You can update software with the software update installer. | Yes | Yes |
    | Create an authentication token for WinCollect agents. | Yes | No |

    Note: Contact the IBM SaaS team (sisaasop@ca.ibm.com) to have an authorized token generated for you.

    Modified: 2017-09-13