01
Get tenant key
Generated from the MSP portal.
Step 01
Product catalog
Family Audit
SYLink Activity
Windows Event ID collection · MSP-friendly
Lightweight agent that streams Windows Event IDs, user identifiers and system activity from endpoints to the MSP portal. Light, silent, GDPR-compliant.
The product, in plain words
What it does SYLink Activity
Lightweight agent that streams Windows Event IDs, user identifiers and system activity from endpoints to the MSP portal. Light, silent, GDPR-compliant.
Key takeaway
SYLink Activity — Windows Event ID collection · MSP-friendly.
The technical playbook
How to use it
Silent ETW agent, MSP pipeline
SYLink Activity s'appuie sur ETW (Event Tracing for Windows) et WMI pour collecter les événements sans toucher au journal Windows lui-même. Les données sont enrichies (résolution SID → nom, géolocalisation IP) puis agrégées au niveau du tenant client.
Côté MSP, le portail offre une vue par client (ou consolidée) avec des règles d'alerting personnalisables : 5 échecs d'auth en 1 min, création de processus PowerShell suspect, accès à un partage protégé, etc.
Where the product fits in your topology
Network placement
Agent léger sur les serveurs Windows pour collecter et corréler les Event ID critiques (logon, escalade de privilèges, modifications AD). Console MSP centralisée — idéal supervision multi-clients.
Deployment pipeline
Deployment diagram
Install via GPO or RMM. Auto-pairs to the customer tenant via a key from the MSP portal.
- 02
MSI packaging
The signed MSI installer accepts the key as a parameter.
Step 02 - 03
GPO/RMM deployment
Silent push to all targeted Windows endpoints.
Step 03 - 04
Activate alerting
Configure rules from the MSP portal.
Step 04
- 01
Get tenant key
Generated from the MSP portal.
Step 01 - 02
MSI packaging
The signed MSI installer accepts the key as a parameter.
Step 02 - 03
GPO/RMM deployment
Silent push to all targeted Windows endpoints.
Step 03 - 04
Activate alerting
Configure rules from the MSP portal.
Step 04
↓ Integration pipeline — step by step, from scoping to production ↓
Prerequisites
- Windows 10/11 or Windows Server 2016+
- GPO, RMM or Windows deployment tool
- Access to the SYLink MSP portal (integrator account)
What you concretely gain
Benefits
- 01
Visibility on critical Event IDs
Authentications, privilege escalations, process creations, file accesses — everything the Windows log knows, you see.
- 02
Built for MSPs / remote supervision
Multi-tenant, white-label, customer-level aggregation, one-click escalation to an analyst.
- 03
Light and silent
Minimal footprint (< 1% CPU). No user interaction, no intrusive endpoint alerts.
- 04
GDPR-by-design
No user-content capture, hashed IDs, configurable retention. Full audit trail.
The full datasheet
Specifications
Compatibility
| Supported OS | Windows 10/11 + Windows Server 2016+ |
| Method | ETW + WMI + lecture journaux |
| Deployment mode | GPO / MDM / RMM / installeur silencieux |
| Footprint | < 50 Mo RAM, < 1 % CPU |
Data collected
| Authentications | Réussies / échouées, source / destination |
| Privileges | Élévations, changements d'appartenance |
| Processes | Création, ligne de commande, hash |
| File accesses | Sur dossiers sensibles désignés |
Portal reporting
| Protocol | HTTPS TLS 1.3 |
| Frequency | Temps réel + batch toutes les 5 min |
| Storage | Portail MSP (FR) ou on-premise |
| Retention | Configurable, défaut 1 an |
Built for
Target customers
MSP supervising 50 SMBs
Unified view of authentications and critical events across all customers from one console.
Early anti-ransomware detection
Alerting on typical ransomware patterns before encryption (suspicious process creation, etc.).
NIS2 / ISO 27001 compliance
Court-admissible event log, exportable for audit.
Test SYLink Activity on your infrastructure
30-minute guided demo, PoC on a pilot perimeter, support by our French teams based in Clermont-Ferrand, Marseille and Rennes.