LOGbinder Blog

Updates, Tips and News

Supercharger for Windows Event Collection Now Available – Save 50% on Enterprise Edition

Mon, 27 Feb 2017 15:34:10 GMT

No matter what SIEM you use, this is big news because collecting logs from hundreds or thousands of Windows endpoints is a constant pain point. But it doesn’t have to be if you use the technology already built into Windows to eliminate agents AND polling.

We are thrilled to announce the availability of Supercharger – a brand-new and one-of-a-kind solution for quickly implementing and managing the native Windows Event Collection already built into your servers and workstations.

Already using WEC? Supercharger will instantly give you time back and help you improve security and operational efficiency.

New to WEC? Supercharger will accelerate your implementation and help make it a roaring success.

Supercharger for Windows Event Collection manages all your collectors from a single pane of glass providing instant visibility into the health of your environment from the domain level down to each individual forwarder.

Features:

  • Every collector, subscription and forwarder computer in your environment on a single pane of glass
  • Alerts, by email or through your systems management solution, when any subscription's healthy forwarder percentage falls below your threshold
  • Load balance hundreds of thousands of forwarder computers across multiple collectors
  • Deep analysis of forwarder computers correlating Active Directory computer and group information with WEC source data
    • Deterministic - Enumerate each AD group assigned to a subscription and compare against the source computers reported by WEC, taking into account each computer's status in AD
    • Empirical - Compare current active forwarders to past activity
    • Arbitrary - Strict tracking for smaller, high-value forwarder sets
  • Purge old WEC sources from collectors
  • Build safe Security Log filters that leave the noise at the source
  • Leverage expert knowledge on the Security Log from Randy Franklin Smith's UltimateWindowsSecurity.com
  • Enforce consistent WEC configuration policies across collectors and subscriptions
  • Track collector and event logging performance for tuning and capacity planning

Save 50% on Enterprise Edition

Install a trial of Supercharger in the next week and get the promo code for Enterprise Edition at Standard pricing! https://www.logbinder.com/Form/SCDownload

Instant pricing is available here: https://www.logbinder.com/Products/Supercharger/Pricing

Let us know how you like Supercharger and what you’d like to see us add. We’ve got some very cool enhancements in store but we also want to hear from you. Install Supercharger today; it only takes a few minutes to have complete visibility over your entire WEC environment.


A new tool for unleashing the power of native Windows Event Collection arrives February 23

Thu, 02 Feb 2017 11:40:23 GMT

With today's endpoint-focused attack methods, it's never been more important to get security logs from every single computer on your network.

Windows Event Collection is baked into the OS itself and it's just waiting to be used. (Already a big believer in WEC? Read on, we've got a very big announcement for you.)

Very, very few organizations currently monitor the Windows Security Log on every server, desktop and laptop on the network and it's easy to understand why when you consider these facts:

  • Security logs are huge. Multiply huge by the number of endpoints and you get “extremely huge”
  • Many SIEM (e.g. ArcSight) and log management solutions (e.g. Splunk) charge based on volume of logs consumed
  • Remote log collection is prohibitively inefficient and, ironically, opens up security issues
  • Agents = Resistance. Admins don't want agents on their systems. Agents use resources. Agents have to be monitored and cared for. Agents have to be updated.

Windows Event Collection to the rescue

WEC provides the power of an agent with zero footprint and completely hands-off control. Leveraging Active Directory, we can cause any number of endpoints to forward their most important security events to the Windows event collector of our choice – or in very large organizations we can distribute that load across multiple collectors as necessary.

At that point, whether you use agents to push events or WMI/RPC to pull events, the burden of getting these events into your SIEM or log management solution now drops from thousands of systems down to a handful.

WEC also gives you options to deal with the size issue of event logs. Even with WEC's ability to bring event logs to your SIEM's doorstep, maybe you can't afford to upgrade the hardware and licenses necessary to handle that influx of log data. Or maybe your SIEM's scalability tops out at a certain point. One of these is the situation for most enterprises.

Then it's time to acknowledge that the majority of security log data is noise and leave that noise behind. With the power of advanced XPath queries you can filter out the noise and get the much smaller number of important events. That requires specialized knowledge of XPath and the Windows security log, but read on.

In this deeply technical, real training for free ™ webinar at UltimateWindowsSecurity.com, Randy Franklin Smith will implement Windows Event Collection live and demonstrate how to:

  1. Target endpoints at your Windows Event Collectors
  2. Set up a Windows Event collector
  3. Create a subscription on the collector
    1. Scoped to a certain group of computers as forwarders
    2. Includes advanced filtering of noise events
  4. Monitor the subscription as source computers begin to forward events
  5. Troubleshoot problem forwarders

As great as WEC is, it's still just a foundation technology that lacks enterprise management, monitoring and reporting, as well as scalability features like load balancing. It's time to change that. After this detailed tour of Windows Event Collection, we will introduce a new and unique solution for managing this foundation technology in Windows. The product is Supercharger for Windows Event Collection. Supercharger automates every aspect of Windows Event Collection from:

  • configuring collectors
  • the creation of subscriptions
  • advanced filtering that safely ignores the noise without also suppressing important events

to advanced enterprise features like:

  • load balancing large environments across multiple collectors
  • 24/7 health analysis and monitoring of every event source computer
  • performance monitoring and capacity planning – all from one pane of glass

We will demonstrate Supercharger and make it available for immediate trial download.

We are very excited about the release of Supercharger and we can't wait to help you improve security and increase endpoint vigilance while lowering costs. Please join us! Click here to register.


Exchange Cumulative Update breaks auditing

Wed, 01 Feb 2017 14:15:31 GMT

We discovered earlier today that the latest Exchange cumulative updates released in December 2016 may be breaking Exchange auditing. We are currently testing the issue internally along with a few of our customers who have reported the same issue. As of this time, installing the latest cumulative updates may break Exchange auditing, which will break LOGbinder for Exchange. Please visit our Knowledge Base for further details and steps to check if you are affected.
