Microsoft Windows Security Event Log

The IBM® QRadar® DSM for Microsoft Windows Security Event Log accepts syslog events from Microsoft Windows systems. All events, including Sysmon and winlogbeats.json, are supported.

For event collection from Microsoft operating systems, QRadar supports the following protocols: