Learn more about renewing your WEC certificates in Cortex XSIAM.
Renewing your WEC certificates in Cortex XSIAM includes renewing your Windows Event Forwarding (WEF) client certificate and your WEC server certificate. You must install the WEF certificate on every Windows server, whether a Domain Controller (DC) or not, for the WEFs that are supposed to forward logs to the Windows Event Collector applet on the Broker VM.
Important
After you receive a notification for renewing your WEC CA certificate, we recommend that you do not add any new WEF clients until the WEC certification renewal process is complete. Events from these WEF clients that are added afterwards will not be collected by the server until the WEC certificates are renewed.
In addition, Cortex XSIAM manages the renewal of your WEC certificates by implementing the following time limits:
The WEC CA certificate is increased for an extended period of time for a maximum of 20 years.
The Broker VM applet includes an automatic renewal mechanism for a WEC server certificate, which has a lifespan of 12 months.
The WEC client certificate after the renewal is issued with a lifespan of 5 years.
Perform the following procedures in the order listed below.