Absolutely loved this webcast! Plenty of useful information in regards to the benefits of WEF/WEC usage, especially in an environment where you have multiple SIEMs. Also, PowerShell was mentioned, definitely seems like wecutil will be worth looking into further for automation and scripting purposes!
I did a similar deployment in our environment, but WEC is a single point of failure. We tried the Windows built-in mechanism with 2 virtual servers configured as a cluster, but it didn't work. Any ideas how to mitigate this?
Summary: don't use WEC/WEF, stick to ARC/AMA agent for servers? And Log Analytics agent for workstations if needed (AMS not supported for workstations)? With advanced PowerShell auditing enabled in Group Policy? Plus EDR agent for advanced threat detections?
Waste of time. The one guy on the right has a video on this subject and none of his links work. You'd think that if he teaches, he would make sure his links work. But nope - wasted my time.