ArcSight Windows Event Log SmartConnector

A version of the Windows Event Log SmartConnector that can be hosted on Linux has been released with the ArcSight SmartConnector 7.8 framework. This brings the functionality of the ArcSight Windows Native SmartConnector (WINC) to Linux hosts. It removes the need to deploy the legacy Windows Unified SmartConnector (WUC) and avoids a number of issues with WUC, such as the forced use of SMBv1.

This will likely replace the Windows Unified Connector (WUC) in time. WUC should be phased out wherever possible due to its reliance on SMBv1 and poor event log support.

Note that it does require allowing Windows Remote Management and PowerShell 5 with remote access configured, which some scenarios or locked-down environments may struggle with. In those cases the WINC Connector or Windows Event Log Forwarding (WEF) will be the best options.
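
A read-only preflight for the two prerequisites named above, plus the SMBv1 server state on hosts being moved off WUC. This is an added example, not taken from the connector documentation; the function name `Test-EventLogSourcePrereq` and the rule used for `Ready` are assumptions of the example.

```powershell
# Added example: read-only checks, run in an elevated session on the log source.
# Function name and the "Ready" rule are assumptions of this example; listener
# transport, ports and account rights the connector needs are in the config guide.
function Test-EventLogSourcePrereq {
    [CmdletBinding()]
    param()

    $r = [ordered]@{
        ComputerName            = $env:COMPUTERNAME
        PowerShellVersion       = $PSVersionTable.PSVersion.ToString()
        PowerShell5OrLater      = $PSVersionTable.PSVersion.Major -ge 5
        WinRMServiceRunning     = $false
        WinRMListeners          = @()
        RemotingEndpointEnabled = $false
        SMBv1ServerEnabled      = $null   # stays $null if it cannot be read
        Ready                   = $false
    }

    $svc = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    $r.WinRMServiceRunning = ($null -ne $svc -and $svc.Status -eq 'Running')

    if ($r.WinRMServiceRunning) {
        # The WSMan: drive can only be read while the service is running.
        $r.WinRMListeners = @(
            Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
                ForEach-Object { $_.Keys -join ';' }
        )
        # Default remoting endpoint; Enabled is compared as text to cover both
        # string and boolean representations.
        $ep = Get-PSSessionConfiguration -Name Microsoft.PowerShell -ErrorAction SilentlyContinue
        $r.RemotingEndpointEnabled = ($null -ne $ep -and "$($ep.Enabled)" -eq 'True')
    }

    # SMBv1 server state: worth recording on hosts being moved off WUC.
    if (Get-Command -Name Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
        if ($null -ne $smb) { $r.SMBv1ServerEnabled = [bool]$smb.EnableSMB1Protocol }
    }

    $r.Ready = $r.PowerShell5OrLater -and $r.WinRMServiceRunning -and
               ($r.WinRMListeners.Count -gt 0) -and $r.RemotingEndpointEnabled
    [pscustomobject]$r
}

Test-EventLogSourcePrereq | Format-List
```

A host reporting `Ready : False` is a candidate for the WINC Connector or WEF instead.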

Custom parsers / FlexConnectors for WINC should work on this Connector without any change.

A comparison of the functionality is in the config guide and below:


[Figure: comparison 1 - ArcSight Windows Event Log SmartConnector]