Does EventSentry work with Windows Event Forwarding (WEF)?

Using EventSentry in conjunction with WEF has not been tested and is not a supported setup.

Instead, EventSentry agents should be deployed and used to transfer event log (and other) data through the collector. Utilizing the EventSentry collector services offers a number of benefits, including:

• Caching data while a host is offline
• Encryption and compression
• Server-side thresholds to detect lateral movement
• Evaluate IP addresses against black lists
• Seamless agent and configuration management