Share via

Best practise Event Collector refresh interval

Daniel M 126 Reputation points
2021-03-24T09:40:41.63+00:00

Hi,

When you configure the setting "Configure target Subscription Manager" in a GPO to tell servers which Event Collector to connect to you can also specify by which refresh interval it should be done.

I am wondering:

  • What the default refresh interval value is if you dont specify anything
  • What is the range of the refresh interval that can be specified
  • What is a good/best practise refresh interval to be set for subscriptions that change very seldom

/Daniel

Windows for business | Windows Server | User experience | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Carl Fan 6,886 Reputation points
    2021-03-25T07:40:49.653+00:00

    Hi Daniel,

    1. Follow the official documentation below, in which the refresh interval is set as 10 seconds.
      https://learn.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
      2/3. The Refresh interval indicates how often clients should check in to see if new subscriptions are available. Always we could set the refresh =60.
      Server=http://<FQDN of the collector>:5985/wsman/SubscriptionManager/WEC,Refresh=60
      This parameter is measured in seconds. If the subscriptions don't change frequently, this parameter can be configured to check every few hours or even less often.
      Hope this helps and please help to accept as Answer if the response is useful.
      Best Regards,
      Carl

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.