Windows Event Collector (WEC) - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product
Cortex XDR
Creation date
2024-03-06
Last date published
2024-12-30
Category
Administrator Guide

The WEC runs on the Broker VM in Cortex XDR/Cortex XSIAM collecting event logs from Windows Servers, including Domain Controllers (DCs). The WEC can be deployed in multiple setups, and can be connected directly to multiple event generators (DCs or Windows Servers) or routed using one or more WECs. Behind each WEC there may be multiple generating sources.