Current situation:
We are currently using a SIEM that has logs going to a WEF server and then to the SIEM without agents installed.
I have created a collector and have added the DCs to the IDR with no issue, but when I try to add the DNS server it says I need a specific port open, but the logs are on the WEF server… why do I need a specific port open to communicate with the WEF server?
How do I get my workstation logs that are being sent to the WEF to the collector and view them in the IDR?
This solution is for a specific file type and I need all the logs without deploying an agent.
Any help would be appreciated.