Supercharger’s logical architecture is centered around WEC subscriptions and the Windows servers (aka Collectors) that host them. Other Supercharger objects include Collector Policies, Subscription Policies and Managed Filters.
In the above example, we have 2 Active Directory domains. The first domain has 1 Collector and there are 2 Collectors in the other domain.
Above, you’ll notice 4 types of objects in Supercharger:
- Collector Policies allow you to define values for the many different configuration settings WEC provides at the server level. You can assign a given Collector Policy to multiple Collectors and be sure they are all configured consistently. There is a Default Collector Policy which comes with Supercharger out of the box. You can define additional Collector Policies that
- Subscription Policies are like Collector Policies but at the Subscription level. Both Supercharger and WEC have a number of settings on Subscriptions that determine how the subscription works in WEC and how Supercharger handles it as well. You can configure these settings as a Subscription Policy and assign that policy to each subscription across your environment that needs to be configured the same way.
- Managed Filters: One of the most powerful features of Windows Event Collection is its ability to define advanced filters that specify exactly which events you want to forward – and those that are just “noise” and should be left behind. But building these filters requires specialized knowledge of XML query syntax and of the event logs you are collecting. Supercharger helps you build powerful filters whether or not you know XML query syntax, and we provide special help for the Security Log thanks to our relationship with UltimateItSecurity.com. Managed Filters are where you find these capabilities. Once you build your filter you can assign it to multiple subscriptions without duplicating it.
- LDAP Queries: Supercharger allows you to use custom LDAP queries to select a set of forwarder computer accounts from AD using any queryable AD property. This object type allows you to re-use a given LDAP query in multiple places.
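To make the Managed Filters point concrete, here is an added example (not Supercharger's or Microsoft's code) of what a WEC subscription filter actually looks like and how a defender might audit one. It embeds a constructed source-initiated subscription document using the real WEC subscription schema and a QueryList that keeps logon successes and failures (4624/4625) while suppressing the service-logon noise (LogonType 5), then parses the Select/Suppress XPath expressions and flags a subscription whose filter is a bare `*` (forwarding everything). The subscription names, event choices and the `review_subscription` helper are assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of WEC subscription documents (the real schema URI used by wecutil).
WEC_NS = {"s": "http://schemas.microsoft.com/2006/03/windows/events/subscription"}

# Constructed sample: forward logon success/failure, drop service logons (LogonType 5).
SAMPLE_SUBSCRIPTION = """<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Security-Logons</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Enabled>true</Enabled>
  <ContentFormat>RenderedText</ContentFormat>
  <ReadExistingEvents>false</ReadExistingEvents>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>
        <Suppress Path="Security">*[System[EventID=4624] and EventData[Data[@Name='LogonType']='5']]</Suppress>
      </Query>
    </QueryList>
  ]]></Query>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
"""

# Constructed sample of the anti-pattern: a Select of "*" forwards the whole Security log.
CATCH_ALL_SUBSCRIPTION = """<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Security-Everything</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*</Select>
      </Query>
    </QueryList>
  ]]></Query>
</Subscription>
"""

EVENT_ID_RE = re.compile(r"EventID\s*=\s*(\d+)")


def parse_query_list(subscription_xml):
    """Return (selects, suppresses): lists of (log path, XPath) taken from the
    subscription's embedded QueryList. The QueryList sits inside CDATA, so it
    is parsed as a second XML document."""
    root = ET.fromstring(subscription_xml)
    query_el = root.find("s:Query", WEC_NS)
    if query_el is None or not (query_el.text or "").strip():
        raise ValueError("subscription has no <Query> element")
    query_list = ET.fromstring(query_el.text.strip())
    selects, suppresses = [], []
    for q in query_list.findall("Query"):
        for sel in q.findall("Select"):
            selects.append((sel.get("Path"), (sel.text or "").strip()))
        for sup in q.findall("Suppress"):
            suppresses.append((sup.get("Path"), (sup.text or "").strip()))
    return selects, suppresses


def event_ids(xpath):
    """Extract the event IDs referenced by an XPath expression, sorted and deduplicated."""
    return sorted({int(m) for m in EVENT_ID_RE.findall(xpath)})


def review_subscription(subscription_xml):
    """Summarize which event IDs a subscription forwards and suppresses, and
    flag a Select with no filter at all (a bare '*'), which is the main source
    of collector overload in large WEC deployments. Hypothetical helper."""
    selects, suppresses = parse_query_list(subscription_xml)
    findings = []
    for path, xp in selects:
        if xp == "*":
            findings.append(f"Select on {path} forwards every event (no filter)")
    return {
        "selected_ids": sorted({eid for _, xp in selects for eid in event_ids(xp)}),
        "suppressed_ids": sorted({eid for _, xp in suppresses for eid in event_ids(xp)}),
        "findings": findings,
    }


if __name__ == "__main__":
    for name, doc in (("Security-Logons", SAMPLE_SUBSCRIPTION),
                      ("Security-Everything", CATCH_ALL_SUBSCRIPTION)):
        print(name, review_subscription(doc))
```

The Suppress element is what turns a broad Select into a usable feed: the Select is evaluated first, then Suppress removes matches, so the pattern above still forwards every 4625 and every non-service 4624. The same review logic can be run across a set of subscription XML exports to find any Select that is just `*`.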
The forwarders are not shown. By the way, technically, forwarders can cross domain boundaries and send events to Collectors elsewhere in the forest but we don’t recommend it nor does Supercharger fully support forwarders crossing domains. But as we said earlier, Supercharger fully supports multiple domains with no dependencies on trust or forest topology. It’s just best to avoid assigning forwarders to Collectors outside their domain.
The other important dimension of Supercharger’s logical architecture is Load Balanced Subscriptions. If you have a large environment with thousands of forwarders you’ll especially want to read this.