LOGbinder Blog

Updates, Tips and News

Supercharger Now Supports Certificate-based WEC Over-the-Internet and Entra-joined / Non-AD Windows Device Scenarios

Thu, 27 Mar 2025 17:14:09 GMT

We are excited to announce the culmination of project Wildfire - the biggest enhancement we have ever made to Supercharger.  Wildfire helps you keep pace with the need for constant vigilance of endpoints and the migration from AD/Group Policy managed workstations to the modern Entra-joined PC. 

Wildfire empowers you to

  1. Get the same agentless log collection for Entra-joined, Intune-managed Windows devices as you have always had for classic AD/Group Policy managed Windows systems. 

  2. Forward logs over the Internet.  Keep those security logs flowing no matter where your Windows PCs are.  As long as the computer has Internet access you can maintain vigilance of what is happening on it - whether it is at the office, working from home, at a client or traveling.

With Wildfire, Supercharger now 

  1. Can load balance Entra-joined Windows devices by querying Microsoft Graph for Windows devices and assigning them to WEC collectors by their DNS name.  You can scope which Windows devices are assigned by Entra group membership or other attributes on the Device object in Entra.   

  2. Helps you implement both server (collector) and client (forwarder) certificate authentication for WEC scenarios where Kerberos is unavailable such as non-AD member computers and WEC over-the-Internet.

  3. Provides you with the exact Intune Configuration Policies and Detection and Remediation Scripts to ensure your Windows devices are configured to find and authenticate to your WEC collectors.

Supercharger guides you step-by-step through (and automates much of) the complex process of configuring WEC collectors for certificate-based authentication, connecting to your Entra ID tenant, deploying client certs to your Entra-joined PCs and configuring them to target your WEC collectors via Intune.  You can set up a load balancer comprised of multiple collectors to accept events from tens of thousands of Windows devices based on Microsoft Graph queries of Entra-joined Windows devices and/or computers from your AD domains.

Along with Wildfire, we are announcing a new resource at www.LOGbinder.com - the WEC Encyclopedia which explains every aspect of Windows Event Collection and documents the knowledge we have gleaned through years of helping customers manage large WEC installations.   

Most articles in the WEC Encyclopedia end with a section entitled "How Supercharger Helps...".  To learn more about the new features in Wildfire, check out https://www.logbinder.com/WindowsEventCollection/WithEntraJoinedWindows11 or sign up to watch here.

As endpoint security risks continue to grow and companies migrate to the "modern" PC, Supercharger is there to help you maintain vigilance and compliance at the endpoint without agents. 


Protecting Against Today's Latest Hacks

Thu, 02 Feb 2023 17:14:09 GMT
In today's digital age, hacking has become a major threat to individuals, businesses and organizations. With the increasing sophistication of cyber-attacks, it's essential to understand the latest hacking methods and how to protect against them. Here are some tips to help you stay ahead of the curve.
  1. Keep Software Up-to-Date: Regular software updates are a crucial step in protecting against the latest hacks. Software vendors often release patches to fix vulnerabilities that hackers may exploit. So, it’s important to keep your software updated at all times.  To help stay up-to-date you can subscribe to Patch Tuesday (MS patches) and Patch Monday (3rd party non-MS patches) over at UltimateITsecurity.com.
  2. Use Strong Passwords: Strong passwords are the first line of defense against hacking attempts. Use a combination of upper and lowercase letters, numbers and special characters to create a password that's difficult to crack. Avoid using easily guessable information such as birthdates or names. Combinations such as "password123" and "asdf1234" are not secure passwords.
  3. Enable Two-Factor Authentication: Two-factor authentication (2FA) adds an extra layer of security to your accounts by requiring a second form of verification in addition to your password. This could be a one-time code sent to your phone or a fingerprint scan.
  4. Backup Your Data: Regular data backups can help you recover quickly if your system is hacked. Store your backups in a secure location and make sure they're encrypted.
  5. Use Antivirus Software: Antivirus software can help protect against malware and other cyber-attacks by detecting and removing harmful files. Make sure to use a reputable antivirus software and keep it updated.  Most Windows systems have built-in antivirus but if you are using a hosted solution like Office365 you may want to check your subscription to see if it includes any additional endpoint protection, analytics and other protection features.
  6. Be Cautious with Email Attachments: Email attachments are a common way for hackers to deliver malware. Be wary of emails from unknown sources or emails that look suspicious and never open attachments from untrusted sources.  Never click on links in emails from unknown sources.  Phishing is one of the most effective but easily prevented exploits.  End user education about smart email security best practices is worth its weight in gold.
  7. Be Careful on Public Wi-Fi: Public Wi-Fi networks are often unsecured, making them easy targets for hackers. Avoid accessing sensitive information on public Wi-Fi and use a VPN to encrypt your connection.
  8. Educate Yourself: Finally, stay informed about the latest hacks and cyber-attacks. Read news articles, attend training sessions and keep up with best practices to stay ahead of the curve.
In conclusion, protecting against today's latest hacks requires a combination of technical measures and awareness. By following these tips, you can reduce your risk of being hacked and keep your personal and professional information secure.  If you are in an enterprise environment and want to collect logs from all of your desktops, laptops and servers then you may want to have a look at our Supercharger product.  Supercharger can help you not only get Windows Event Collection configured in minutes but also help you manage WEC across your organization almost instantly.

Supercharger 22.8.2 Adds Cross Domain Forwarding

Fri, 26 Aug 2022 19:00:48 GMT
One of the things we value the most at LOGbinder is customer feedback.  We are fortunate to have some very large customers that are willing to work very closely with us.  In our many conversations with our customers there has been one much-requested feature: cross domain forwarding.  We are happy to announce today that as of version 22.8.2, Supercharger now includes cross domain forwarding. Let's answer a few questions:

What is it?  How does it work in Supercharger? What to expect when you upgrade a current installation?

What is cross domain forwarding?

When we talk about cross domain forwarding we are referring to using a WEC subscription to collect events from endpoints that reside in multiple domains.  

How does it work in Supercharger?

In Supercharger, after clicking on a domain, you will now see a tab named "Trust".  This tab lists the trust relationships that are discovered in Active Directory.  To enable cross domain forwarding between domains click on the "Enable" button next to the trust you want to work with.  There may be multiple domains listed but you only need to enable trusts for the domains you want to forward events between.

By enabling a trust you are ensuring that Supercharger properly synchronizes computers in the trusted domain so that forwarder analysis and load balancing can find forwarders in the trusted domain.  This allows the health features of Supercharger to work properly across domains.

Once enabled you will be able to select these domains when creating cohort elements on Load Balancers.  As you can see in the screenshot below we can create cohorts from both domains we have trusts enabled in. 


Just to be clear, cross domain forwarding means we can have endpoints from multiple domains.  It does not mean that we can have forwarders from domains sending events to WEC collectors from various domains.  The collectors on the Load Balancer will be from one domain.

What to expect when you upgrade a current installation?

You can download the latest version from here. Run the installer on your current Supercharger Manager.  All existing Supercharger collectors will upgrade themselves automatically.  If you have any existing trusts in any domains that exist in Supercharger these will be listed on the "Trusts" tab.

Log4J Java Library Vulnerability

Tue, 14 Dec 2021 19:31:49 GMT
By now you have read of the Log4J flaw that exists in the wild. Our technical team monitors new security vulnerabilities and within hours they checked in with our programming staff to find out about the impacts of Log4J on our solutions.  Over the last 48 hours we have also had many customers reaching out to us to find out if LOGbinder for Exchange, SQL Server or SharePoint are affected as well as Supercharger for Windows Event Collection.  We are happy to report that none of our products are affected by the Log4J Java Library vulnerability.

Latest version of Supercharger brings 50+ updates

Thu, 15 Apr 2021 10:54:34 GMT

Towards the end of 2020 and into 2021 something big has been happening with Windows Security.  Over the past few months, the interest in Windows Event Collection (WEC) has exploded exponentially.  Our sales team has reported that the number of inquiries, quotes and sales has gone through the roof.  The feedback we have been receiving about Supercharger for WEC is proof that so many organizations out there are focusing on getting event logs from all endpoints (servers/workstations) into the SIEM.  Over the years we have taken pride in our Supercharger software but today we have reason to really stand tall and puff out our chest.

Our latest version of Supercharger, 21.3.16, is being released.  It contains over 50 different enhancements and bug fixes.  Here are just a few:

  • Supercharged performance enhancements - some customers have previously expressed concerns about the load times in Supercharger, especially those with 100,000's of endpoints and 100's of subscriptions.  The improvements in our latest version speed up operations in Supercharger from smaller 1,000+ machine environments to enterprise size implementations.  From modifying the way Supercharger retrieves data from its database to tweaking things as small as license keys being applied you will see drastic improvements in load times across the board.
  • Improvements to multi domain implementations
  • Improvements to the look and feel of Supercharger's application logging
  • Our Security Log Wizard is back by popular demand
  • Event log performance monitoring

Rather than bore you with a long list of everything we've done we invite you to download (or upgrade if you are an existing user) the latest version and test it out.  If you're new to Supercharger, here are some answers to a few common questions:

  • What special permissions are needed to run Supercharger?  None.  As a security focused company, we take pride in creating least privilege security applications.
  • How do I set up a POC or test Supercharger?  Download and install it fully functional for 30 days.  After installation follow the step-by-step Getting Started Guide in Supercharger's dashboard to set up WEC properly.  As always, if you need more than 30 days just let our sales team know.
  • How much does Supercharger cost?  As quantities increase, price per forwarder decreases.  To get exact pricing just input your total number of forwarders on our quote page.
  • What if I need help?  For presales tech support you can reach out to our highly technical sales team.  If you have an existing support contract you can open a support request in our Support Portal.

Download Supercharger today and see just how easy a huge implementation of WEC can be.  Just imagine having all of your Windows endpoints send event logs to a collector in under 15 minutes.  With Supercharger we've made the impossible possible. 

Over the past few months, we've been listening to you.  Most of the enhancements and bug fixes in our latest releases are because of you.  The feedback and suggestions on our forum and support portal have helped us continue to improve our products.  So thank you very much!

If you are already a licensed user of our products and have a current support contract, then upgrading is easy.  Just find the product you need to upgrade on our download page.  Download the installer you need and just install on top of your current installation.  You will most likely need to request an updated product key at support.logbinder.com.  If you are upgrading Supercharger you just need to upgrade the manager.  All the collectors will upgrade themselves.

Thanks again for your support and I look forward to your feedback.

