Log collectors, authentication on Windows environments


When setting up the event source for e.g. Active Directory, per "Active Directory | InsightIDR Documentation", and you use WMI, what kind of authentication protocol is used? As far as I can tell it is using NTLM. We are currently in the process of eliminating all NTLM authentication in favor of Kerberos. It is also the case where it uses SMB to get a log file in e.g. Microsoft DNS, but I cannot seem to find anything that says the log collector would support Kerberos in the various event sources where it uses WMI or SMB.

Any help would be much appreciated.

We currently only support NTLM; adding support for Kerberos is something we have an open enhancement request for.

This is one of the reasons we use log shipping via NXLog instead.

It would be good to know when Kerberos is available.