Documentation forSecurity Event Manager

Configure SEM agents after the installation

After you complete the installation, the SEM agent captures log information from sources such as Windows Event Logs, database logs, and local antivirus logs. Additionally, the SEM agent allows SEM to take specific actions that you can define as rules.

View the SEM Agents

  1. On the SEM console, navigate to Configure > Nodes.
  2. Under Refine Results, expand the Type group, and then select the Agent check box.

About the SEM Agent for Windows connectors

The SEM agent for Windows includes several preconfigured connectors that collect and display data from these systems immediately after you install the SEM Agent. By default, the SEM Agent for Windows includes the following preconfigured connectors:

  • Windows Security Log (for the host OS version)
  • Windows Active Response
  • Windows Application Log
  • Windows System Log

For broader coverage on your Windows computers, configure specific connectors to obtain your targeted data.

Configure the SEM agent

Perform the following steps to configure your SEM agent with one or more SEM connectors.

  1. Identify a SEM connector for the targeted agent.

  2. Log in to the SEM Console.

  3. On the toolbar, click Configure > Nodes.

  4. In the Refine Results column, expand Type and select the Agent checkbox.

  5. Select an agent, and then click Manage node connectors.

  6. In the Refine Results column, sort the list of available connectors by status, type or category.

  7. Under Available connectors, locate the targeted connector. Click the tooltip for a description.

  8. Select the connector checkbox.

  9. In the toolbar, click Add Connector.

  10. In the Add Connector window, select the output type. Configure these values if SEM is configured to save raw (unnormalized) log messages.

    Select Normalized to save normalized log messages.

    Select Raw + Normalized to save unnormalized and normalized log messages.

    Select Raw to save unnormalized log messages.

  11. Under Sleep time, click the up- or down-arrow to adjust the number of seconds between log reads (if required).

  12. Click Save.

    Your changes are saved to the connector profile. The connector is added to the Configured connectors list.

  13. (Optional) Repeat step 7 through step 12 to add additional connectors to the agent.

  14. Click Done.

    The new connector displays in the Nodes with all available agents and non-agents based on your Refine Results selection.

    See Manage the monitored nodes for details on how to refine the node results, edit a connector profile, edit an active response connector profile, and more.