Windows Event Collector (WEC) - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-12-12
Category
Administrator Guide

The WEC runs on the Broker VM in Cortex XDR/Cortex XSIAM collecting event logs from Windows Servers, including Domain Controllers (DCs). The WEC can be deployed in multiple setups, and can be connected directly to multiple event generators (DCs or Windows Servers) or routed using one or more WECs. Behind each WEC there may be multiple generating sources.