There are two ways you can send Windows system and event logs to Devo. It is also possible to use WMI to manage the remote collection of log events; however, this is very likely to have a negative impact on performance. Although WMI is not the preferred method, we also offer some instructions for setting it up to collect logs and send them to a Devo endpoint.
Snare Agent for Windows
The Snare Agent for Windows is a third-party tool. If you want to forward these events to your Devo domain, you must use the box.win_snare tag.