Windows Event Collector (WEC) - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Windows Event Collector (WEC). The WEC runs on the Broker VM collecting event logs from Windows Servers, including Domain Controllers (DCs). The WEC can be deployed in multiple setups, and can be connected directly to multiple event generators (DCs or Windows Servers) or routed using one or more WECs. Behind each WEC there may be multiple generating sources.