Dynamic Windows Log Collection System

Log Management
Full Stack Development
Windows Services
SIEM

May 2025

Description

I developed a dynamic and secure Windows log collection system that gives the organization a sovereign, robust, and centralized in-house solution for collecting Windows logs. The system includes:

  • API backends in C#/.NET, serving users and collection agents with strong authentication mechanisms
  • A dynamic collection agent developed as a Windows service, capable of collecting Windows Event Logs (Security, Sysmon, ForwardedEvents, etc.) and flat file logs (IIS logs, application logs, etc.), formatting them, and securely forwarding them to the appropriate SIEM collectors
  • A React/TypeScript web interface for centralized configuration, supervision, and management of all deployed agents
  • Automated configuration delivery, allowing agents to retrieve updated parameters from the backend and dynamically adapt their behavior without manual intervention
  • End-to-end encrypted communications, ensuring secure interactions between all components
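The following snippet is an added illustration, not code from the project described above. It sketches the agent's core loop as the bullets describe it: the service authenticates to the backend with a client certificate over TLS, retrieves its current configuration, reads new Windows Event Log records per channel from the last bookmark, and forwards them as JSON to the configured collector. The backend URL, certificate path, configuration field names and collector payload format are all assumptions chosen for the example; in a real service `RunAsync` would be started from a `BackgroundService` or a `ServiceBase.OnStart` override.

```csharp
// Added example (not the project's own code): a reduced agent loop showing
// certificate-authenticated configuration retrieval, bookmarked Event Log
// collection and JSON forwarding. URLs, paths and field names are assumed.
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Net.Http;
using System.Net.Http.Json;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

// Assumed shape of the configuration the backend delivers to each agent.
public sealed record AgentConfig(string[] Channels, string CollectorUrl, int PollSeconds);

public static class CollectionAgent
{
    // The agent authenticates with a per-host client certificate (mutual TLS).
    // A compromised password cannot impersonate an agent, and the backend can
    // revoke a single host's certificate without touching the others.
    private static HttpClient BuildClient(string pfxPath, string pfxPassword)
    {
        var handler = new HttpClientHandler();
        handler.ClientCertificates.Add(new X509Certificate2(pfxPath, pfxPassword));
        // Server certificate validation is left at its default: the agent must
        // verify the backend's chain, never accept an arbitrary certificate.
        return new HttpClient(handler);
    }

    public static async Task RunAsync(CancellationToken ct)
    {
        // Placeholder path and password: in practice the PFX is provisioned by the
        // internal PKI and protected by the service account's ACLs.
        using var http = BuildClient(@"C:\ProgramData\LogAgent\agent.pfx", "<pfx-password>");
        var bookmarks = new Dictionary<string, EventBookmark?>();

        while (!ct.IsCancellationRequested)
        {
            // 1. Configuration delivery: the backend decides which channels this
            //    host collects and where they go; no local edit is required.
            var cfg = await http.GetFromJsonAsync<AgentConfig>(
                          "https://logbackend.example.internal/api/agents/config", ct)
                      ?? throw new InvalidOperationException("empty configuration");

            // 2. Collect only records newer than the last bookmark for each channel
            //    (on the very first run there is no bookmark, so the whole log is read).
            foreach (var channel in cfg.Channels)
            {
                bookmarks.TryGetValue(channel, out var bookmark);
                var query = new EventLogQuery(channel, PathType.LogName, "*[System]");
                using var reader = bookmark is null
                    ? new EventLogReader(query)
                    : new EventLogReader(query, bookmark);

                var batch = new List<string>();
                EventRecord? rec;
                while ((rec = reader.ReadEvent()) is not null)
                {
                    using (rec)
                    {
                        batch.Add(JsonSerializer.Serialize(new
                        {
                            host = Environment.MachineName,
                            channel,
                            eventId = rec.Id,
                            time = rec.TimeCreated?.ToUniversalTime().ToString("o"),
                            provider = rec.ProviderName,
                            // The full event XML keeps every field the SIEM may parse.
                            xml = rec.ToXml()
                        }));
                        bookmark = rec.Bookmark;
                    }
                }
                bookmarks[channel] = bookmark;

                // 3. Forward the batch over TLS as newline-delimited JSON.
                if (batch.Count > 0)
                {
                    var content = new StringContent(string.Join("\n", batch),
                                                    Encoding.UTF8, "application/x-ndjson");
                    using var resp = await http.PostAsync(cfg.CollectorUrl, content, ct);
                    resp.EnsureSuccessStatusCode();
                }
            }

            await Task.Delay(TimeSpan.FromSeconds(cfg.PollSeconds), ct);
        }
    }
}
```

Keeping a bookmark per channel is what makes the agent restart-safe: if the service stops, the next run resumes from the last forwarded record instead of duplicating or skipping events, which matters for detection pipelines that depend on complete Security or Sysmon coverage.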

This solution extends coverage to log sources that were previously unsupported, keeps full control and sovereignty over the collection infrastructure, and enables centralized, fine-grained management of log acquisition across all hosts. It follows modern logging standards and encryption protocols, integrates with SIEM platforms, and maintains a high level of security throughout the entire pipeline.

Technologies used

  • C# / .NET
  • React / TypeScript
  • Windows Services
  • Certificate Authentication
  • Windows Authentication
  • SIEM
  • IIS
  • SQL