Log collectors, authentication on windows evironments

nikolai_thoftgaard_jensen · November 21, 2023, 1:14pm

Hi,

When setting up the event source for eg. Active directory per Active Directory | InsightIDR Documentation and you use the WMI, what kind of authentication protocol is used? As far as i can tell it is using NTLM, we are currently in a process of eliminating all NTLM authentication in favor of kerberos it also the case where it uses SMB to get a log file in eg. Microsoft DNS, but i cannot seem to find anything that says the log collector would support kerberos in the various event sources where it uses WMI or SMB.

Any help would be much appreciated.

david_smith · November 22, 2023, 5:23am

We currently only support NTLM, adding support for Kerberos is something we have an open enhancement request for.

nkershaw1 · November 28, 2023, 6:03pm

This is one of the reasons we use log shipping via NXLog instead.

It would be good to know when Kerberos is available.