How to enable integration with SIEM solutions via Windows Event Log events
This article describes how to enable the creation of Windows Event Log events for raised alerts and change audits in Cayosoft Guardian. These alerts and changes can be valuable sources of security insight for your SIEM solution. Because Cayosoft Guardian relies on multiple data sources when collecting changes from the connected managed systems, it might detect changes that bypass native security logs.
How to enable Windows Event Log events for alerts
- Open the Cayosoft Guardian web portal.
- Go to Settings > Service Settings.
- Locate Windows Event Log Settings.
- Select it and click Properties.
- In the Windows Event Log for Alerts section, uncheck the Disabled checkbox.
- Click Save.
How to enable Windows Event Log events for Change Audit
This feature will allow you to forward suspicious changes in Change Monitoring to your SIEM system.
- Open the Cayosoft Guardian web portal.
- Go to Settings > Service Settings.
- Locate Windows Event Log Settings.
- Select it and click Properties.
- In the Windows Event Log for Change Audit section, uncheck the Disabled checkbox.
- Click Save.