Has anyone ever set up NxLog to forward Windows events to any log aggregator or SIEM that accepts LEEF format? I see the enterprise edition has a LEEF module but wanted to see if this had been done or if there are any issues in doing so.

Asked September 12, 2017 - 4:02pm

Answer (1)

You will probably need to experiment with this depending on the SIEM you use. Even QRadar supports the Snare format better than their own LEEF format due to the logic built into their DSM. This is what we were told by the IBM Security folks.
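For anyone who wants to try both formats side by side, here is an added example NXLog configuration (not code from the question or the answer above, and not taken from NXLog's documentation). It reads the Windows Event Log with im_msvistalog and ships it over TCP in Snare format using the Community Edition's xm_syslog module; a second, commented-out output block shows the Enterprise Edition LEEF route via xm_leef/to_leef(), which is the module the question refers to and is assumed here to be available only in the EE build. The collector host name and port are placeholders.

```conf
## Added example: forward Windows events to a SIEM in Snare or LEEF format.
## Host/port values are placeholders; replace with your collector.

<Extension syslog>
    # Community Edition: provides to_syslog_snare() and to_syslog_bsd()
    Module      xm_syslog
</Extension>

# Enterprise Edition only (assumed): enables to_leef() for LEEF output.
#<Extension leef>
#    Module      xm_leef
#</Extension>

<Input eventlog>
    # Pull Security/System/Application channels from the local Event Log.
    Module      im_msvistalog
    # Restrict to the channels the SIEM parser is tuned for; adjust as needed.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Application">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output siem_snare>
    # Snare over TCP: the format the answer reports as best handled by QRadar's DSM.
    Module      om_tcp
    Host        siem.example.internal
    Port        514
    Exec        to_syslog_snare();
</Output>

# Alternative output for the EE LEEF module; enable together with the xm_leef
# extension above and swap the Route below to test how your SIEM parses it.
#<Output siem_leef>
#    Module      om_tcp
#    Host        siem.example.internal
#    Port        514
#    Exec        to_leef();
#</Output>

<Route eventlog_to_siem>
    Path        eventlog => siem_snare
</Route>
```

To follow the answer's advice of experimenting per SIEM, run the Snare route first and confirm that the collector maps event IDs and fields correctly (for example that a logon event arrives with its user and source fields populated), then switch the route to the LEEF output and compare the parsed results for the same events. Which format the receiving DSM handles better should be decided from that comparison rather than from the format the SIEM vendor nominally prefers.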