Skip to main content

Microsoft IIS Web Server

Download With Dependencies

Modeling rules for Microsoft IIS Web Server


This pack includes XSIAM content.

Configuration on the Server Side

  1. Open the IIS Manager.
  2. Click the site.
  3. In the window on the right, click Logging.
  4. Ensure the format is set to W3C.

Collect Events from Vendor

In order to use the collector, you need to use the following option to collect events from the vendor:

You will need to configure the vendor and product for this specific collector.

XDRC (XDR Collector)

You will need to use the information described here.

You can configure the vendor and product by replacing [vendor][product]raw with [vendor][product]_raw.

When configuring the instance, you should use a YAML file that configures the vendor and product, as seen in the configuration below for the Microsoft IIS product.

Copy and paste the content of the following YAML file in the Filebeat Configuration File section (inside the relevant profile under the XDR Collectors Profiles).

Filebeat Configuration file:

- module: iis
    enabled: true
    var.paths: ["C:/inetpub/logs/LogFiles/*/*.log"]
    enabled: true
    var.paths: ["C:/Windows/System32/LogFiles/HTTPERR/*.log"]




Cortex XSIAM


CertificationRead more
Supported ByCortex
CreatedJune 14, 2022
Last ReleaseJanuary 16, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.