Already using Windows Event Collection? Supercharger will instantly give you time back and help you improve security and operational efficiency.

New to Windows Event Collection? Supercharger will accelerate your implementation and help you realize expectations for lowered cost, better security and improved compliance.

Supercharger for Windows Event Collection manages all your Windows Event Collectors from a single pane of glass providing instant visibility into the health of your environment from the domain level down to each individual forwarder.

Supercharger automatically determines which computers should be forwarding events to each subscription in your global network of collectors. Supercharger takes into account each computer's status in Active Directory to weed out dormant computers and unutilized computer accounts to give you an accurate picture of which computers should be sending events and which ones really are.

  • Every collector, subscription and forwarder computer in your environment on a single pane of glass
  • Alerts when any subscription's healthy forwarder percentage falls below your threshold; by email or inform your systems management solution
  • Load balance hundreds of thousands of forwarder computers across multiple collectors
  • Deep analysis of forwarder computers correlating Active Directory computer and group information with WEC source data
    • Deterministic - Enumerate each AD group assigned to subscription and compare against source computers reported by WEC - taking into account computer's status in AD
    • Empirical - Compare current active forwarders to past activity
    • Arbitrary - Strict tracking for smaller, high value forwarder sets
  • Purge old WEC sources from collectors
  • Build safe Security Log filters that leave the noise at the source
  • Leverage expert knowledge on the Security Log from Randy Franklin Smith's UltimateWindowsSecurity.com
  • Enforce consistent WEC configuration policies across collectors and subscriptions
  • Track collector and event logging performance for tuning and capacity planning
  • Implement native Windows Event Collection fast and easily
  • Monitor more endpoints while reducing load on your SIEM
  • Eliminate the burden of installing and updating of agents
  • Avoid the push back from server admins who resist agents
  • Efficiently collect every event log on your network
    • Without the noise
    • Without the agents
    • Without the polling
  • Manage very large WEC environments - 100,000+ endpoints, multiple domains
  • Instantly visibility
    • Who's sending events and who isn't? Why?
    • Where are the problems?
    • What is the performance?
  • Detect new programs as soon as they execute anywhere on your network
  • Reduce licensing costs for volume based log management technologies
  • Catch intrusions earlier in the attack
  • Meet compliance requirements
  • Improve endpoint security

More on this page: Load Balancing, Edition Comparison

Features

  • Manage all your Windows Event Collects from a single pane of glass
  • At-a-glance and 24/7 monitoring of WEC health - globally
  • Load balance multiple Windows Event Collectors
  • Create custom destination logs support by WEC instantly
  • Optimize Windows to handle high volume loads without dropping events
  • Manage subscriptions consistently across all collectors
  • 3 ways to assess health of source computers (aka forwarders)
    • Deterministic - Supercharger compares sources reported by WEC to computer accounts in Active Directory and their status to provide you with an accurate list of which computers should be sending events and which ones are.
    • Empirical - Appropriate for less controlled subscriptions, Supercharger bases expected computers on past history
    • Arbitrary - Intended for smaller subscriptions of high-value servers
  • Compare Active Directory to all collectors and subscriptions to find computers that are being missed
  • Pre-built security log filters with noise filtering
  • Define Xpath filters once and re-use across domains and collectors

Load Balancing Many Forwarders Across Multiple Collectors

What if you have tens of thousands of workstations or hundreds of servers that simply produce more events than one Collector can keep up with? Supercharger’s Enterprise functionality can automatically distribute and balance this load across multiple controllers with Distributed Subscriptions.

A Distributed Subscription is like a normal Subscription in WEC but you create it in Supercharger at the domain level and assign 2 or more Collectors.

Edition Comparison

Standard Edition Enterprise Edition  
Policy based management of Collectors, Subscriptions and Event Logs
At a glance, single pane of glass view of entire WEC environment
Pre-built security filters based on Randy Franklin Smith's UltimateWindowsSecurity.com
Wizard-based implementation of Windows Event Collection subscriptions
Managed event filters with noise suppression
Performance monitoring of collectors and logs
Empirical and Arbitrary Forwarder Analysis
  Deterministic Forwarder Analysis
  Email and system management alerting to health changes
  Daily status report email
  Load balancing of forwarders across multiple collectors
  Capacity planning
  Live support

Supercharger’s Manager/Agent architecture is built around around WEC subscriptions and the Windows servers (aka Collectors) that host them. Other Supercharger objects include Collector Policies, Subscription Policies and Managed Filters.

The above environment shows 9 subscriptions across 3 collectors in 2 domains. Supercharger manages all of these from a single dashboard. You'll also notice 3 other types of objects in Supercharger:

  • Collector Policies allow you to define values for the many different configuration settings WEC provides at the server level. You can assign a given Collector Policy to multiple Collectors and be sure they are all configured consistently. There is a Default Collector Policy which comes with Supercharger out of the box. You can define additional Collector Policies that
  • Subscription Policies are like Collector Policies but at the Subscription level. Both Supercharger and WEC have a number of settings on Subscriptions that determine how the subscription works in WEC and how Supercharger handles it as well. You can configure these settings as a Subscription Policy and assign that policy to each subscription across your environment that needs to be configured the same way.
  • Managed Filters One of the most powerful features of Windows Event Collection is its ability to define advanced filters that define exactly which events you want to forward – and those that are just “noise” and should be left behind. But building these filters requires specialized knowledge of XML query syntax and of the event logs you are collectoing. Supercharger helps you build powerful filters whether you know XML query and we provide special help for the Security Log thanks to our relationship with UltimateWindowsSecurity.com. Managed filters are where you find these capabilities. Once you build your filter you can assign it to multiple subscriptions without duplicating it.

Supercharger's Manager/Agent architecture allows to install and manage your entire Windows Event Collection environment within minutes. One Supercharger Manager can handle many Windows Event Collectors. Then add the Supercharger Agent to each collector. Volia!

  • Manager - Windows Server 2012 or later
  • Controller - Windows Server 2008 R2 SP1 or later

Installing Supercharger

Physical Architecture

Download Free TrialPricing