Hide this message
Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at email@example.com
This article provides information when you are receiving port scan events and alerts from your firewall, but nothing from the Windows agents.
The issue is caused when network traffic events cannot be logged to the standard Windows Application, Security, and System event logs.
By default, the agents cannot report any sort of network traffic. The agents only log readers or parsers and only monitor three main Windows events logs:
The information above is not part of Windows logs.
However, if the workstations had the Windows Firewall enabled and it was logging, you could configure your agents to read that log file as well.
You can open up Windows Firewall on any of the hosts in question and go to Monitoring to see their logging settings. If they are logging and you see data in the firewall log file, try adding a Windows Firewall connector to that agent to see if you get the events you want.
You can add a Windows Firewall connector by going to Manage > Nodes, click on the gear icon for that agent, and go to Connectors. Just find Windows Firewall in the list, click its gear, click New, click Save, click the gear on the new row, and click Start.