WinRM Polling vs Beats

I noticed that competitors are leveraging WinRM to retrieve data from hosts.

It seems like this is mostly covered by Metricbeat and Winlogbeat but I wanted to confirm that all these are possible with Elastic.

WinRM polling is a method used to collect data from WMI-rooted component monitors. These component monitors include various aspects such as:

  1. Directory Size Monitors: These monitor the size of directories on Windows systems.
  2. File Count Monitors: They keep track of the number of files in specific directories.
  3. Performance Counter Monitors: These collect performance data using Windows performance counters.
  4. Process Monitors for Windows: Monitoring specific processes running on Windows machines.
  5. Windows Event Log Monitors: Collecting information from Windows event logs.
  6. Windows Service Monitors: Monitoring the status and performance of Windows services.
  7. WMI Monitors: Utilizing Windows Management Instrumentation (WMI) for data collection.

I don't really know what WinRM is, so I just looked up what it is.
From what I saw, WinRM is used to remotely manage Windows servers.

For log gathering, Windows does not give you a lot of clarity. If you want to get a lot of logs, you can use Sysmon on Windows, which will generate a lot of them. These can then be gathered by Winlogbeat and sent to an ELK server or whatever you want.

I currently use Sysmon and I get everything about network, files, connections, anything that happens on the server, but not performance, and I don't know if it's possible to get that with Sysmon.

But if WinRM is generating logs that you want to use, then it's possible to get them with Winlogbeat; you just have to find the name of the logs and which events you want to get.

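As an added example (not from the thread or from Elastic's own docs), here is how the two pieces the reply describes fit together: a Winlogbeat fragment naming the Sysmon and WinRM event channels plus the event IDs to keep, and a Metricbeat windows module entry for the performance-counter and service data Sysmon does not provide. The channel names and event IDs are real; the Elasticsearch host and the particular counters chosen are assumptions.

```yaml
# --- winlogbeat.yml (fragment) ---
# Each entry names a Windows event channel; event_id narrows what is shipped.
winlogbeat.event_logs:
  # Sysmon: process creation (1), network connection (3), file create (11)
  - name: Microsoft-Windows-Sysmon/Operational
    event_id: 1, 3, 11
    ignore_older: 72h

  # WinRM's own operational channel: records remote-management sessions,
  # so you can see which hosts are polling this machine over WinRM.
  - name: Microsoft-Windows-WinRM/Operational

  # Service state changes as written by the Service Control Manager
  - name: System
    provider:
      - Service Control Manager

  # Successful (4624) and failed (4625) logons, which include the
  # network logons a WinRM poller generates on the target.
  - name: Security
    event_id: 4624, 4625

output.elasticsearch:
  hosts: ["https://elastic.example.internal:9200"]   # placeholder host
---
# --- metricbeat modules.d/windows.yml (fragment) ---
# perfmon reads Windows performance counters locally and service reports
# the state of Windows services; together they cover what the question
# lists under performance-counter and service monitors, without WinRM.
- module: windows
  metricsets: ["perfmon", "service"]
  period: 10s
  perfmon.ignore_non_existent_counters: true
  perfmon.queries:
    - object: "Processor"
      instance: ["_Total"]
      counters:
        - name: "% Processor Time"
          field: cpu.total_pct
          format: "float"
    - object: "Process"
      instance: ["*"]          # one document per running process
      counters:
        - name: "Working Set"
          field: memory.working_set_bytes
```

The Winlogbeat part replaces the event-log and service monitors from the question's list; the Metricbeat part covers performance counters and service status, which Sysmon does not report.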