Windows Hosts
Overview
This topic describes how to install the Upwind Sensor on a Windows Server host (VM), such as an Amazon EC2 instance, Google Cloud Compute instance, or Microsoft Azure VM. The Upwind Sensor supports Windows Server 2016 or later.
This topic assumes the following prerequisite is met:
- You have already connected the cloud account that hosts the Windows host to Upwind. If you haven't, follow the steps on the Connect a Cloud Account page.
Requirements
| Requirement | Description |
|---|---|
| Operating System | Windows Server 2016 or later |
| Architecture | amd64 |
Please make sure your Windows host meets the above requirements before proceeding with the installation.
Components
The Upwind Windows Sensor includes the following components:
- Sensor - The core sensor providing runtime visibility and security monitoring.
- Scanner - Periodically scans the host for vulnerabilities and configuration issues.
Telemetry Sources
The Upwind Windows Sensor collects telemetry through Event Tracing for Windows (ETW), a built-in kernel-level tracing facility. ETW lets the sensor observe process, network, and DNS activity with low overhead and without requiring a kernel driver.
ETW Providers
The sensor subscribes to the following ETW providers:
| Provider | Purpose |
|---|---|
| NT Kernel Logger | Process and networking events |
| Microsoft-Windows-TCPIP | TCP/IP network connections |
| Microsoft-Windows-DNS-Client | DNS queries and responses |
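A pre-install check for the requirements and ETW providers listed above, as an added PowerShell example that is not part of Upwind's documentation or tooling. The function name `Test-UpwindSensorPrereqs` is hypothetical; it relies only on the built-in `Get-CimInstance` cmdlet and `logman.exe`, and the kernel session line is informational because this page does not say how the sensor names its trace sessions.

```powershell
# Added example, not Upwind tooling. The function name is hypothetical.
# Run in an elevated PowerShell session on the target host.
function Test-UpwindSensorPrereqs {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # A 32-bit PowerShell on a 64-bit OS reports x86 in PROCESSOR_ARCHITECTURE;
    # PROCESSOR_ARCHITEW6432 then holds the real OS architecture.
    $arch = if ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } else { $env:PROCESSOR_ARCHITECTURE }

    $results = [ordered]@{
        # ProductType 1 is a workstation; 2 (domain controller) and 3 (server) are Windows Server.
        'Windows Server edition' = $os.ProductType -ne 1
        # Windows Server 2016 is version 10.0.14393; later releases report higher builds.
        'Server 2016 or later'   = [version]$os.Version -ge [version]'10.0.14393'
        'amd64 architecture'     = $arch -eq 'AMD64'
    }

    # The manifest-based providers from the table above must be registered on the host.
    $registered = & logman.exe query providers
    foreach ($name in 'Microsoft-Windows-TCPIP', 'Microsoft-Windows-DNS-Client') {
        $pattern = '^' + [regex]::Escape($name) + '\s+\{'
        $results["ETW provider: $name"] = @($registered -match $pattern).Count -gt 0
    }

    # NT Kernel Logger is a trace session, not a manifest provider, so it is not in
    # the provider list. Informational only: is a session with that name running now?
    $sessions = & logman.exe query -ets
    $kernelSession = @($sessions -match '^NT Kernel Logger\s').Count -gt 0

    foreach ($check in $results.GetEnumerator()) {
        [pscustomobject]@{ Check = $check.Key; Result = if ($check.Value) { 'PASS' } else { 'FAIL' } }
    }
    [pscustomobject]@{ Check = 'NT Kernel Logger session active'; Result = "INFO: $kernelSession" }
}

Test-UpwindSensorPrereqs | Format-Table -AutoSize
```

A `FAIL` on either provider row means the provider manifest is not registered on that host, which is worth resolving before installing a sensor that depends on it.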
Installation
To install the Upwind Sensor on a Windows host, follow the Installation guide.