When setting up the event source for e.g. Active Directory per Active Directory | InsightIDR Documentation and you use WMI, what kind of authentication protocol is used? As far as I can tell it is using NTLM. We are currently in the process of eliminating all NTLM authentication in favor of Kerberos. It is also the case where it uses SMB to get a log file in e.g. Microsoft DNS, but I cannot seem to find anything that says the log collector would support Kerberos in the various event sources where it uses WMI or SMB.
Any help would be much appreciated.