tools/config/generic/sysmon.yml

title: Conversion of generic rules into Sysmon
order: 10
logsources:
    process_creation:
        category: process_creation
        product: windows
        conditions:
            EventID: 1
        rewrite:
            product: windows
            service: sysmon
Added title to all configurations 2019-05-16 23:33:51 +02:00			`title: Conversion of generic rules into Sysmon`
Configuration order checking 2019-04-23 00:54:10 +02:00			`order: 10`
Added generic sysmon configuration with process_execution config 2018-08-13 23:50:44 +02:00			`logsources:`
			`process_creation:`
			`category: process_creation`
			`product: windows`
			`conditions:`
			`EventID: 1`
Added rewrite config to generic sysmon configuration 2018-08-14 21:28:17 +02:00			`rewrite:`
Stacked configurations 2018-09-12 23:31:51 +02:00			`product: windows`
Added rewrite config to generic sysmon configuration 2018-08-14 21:28:17 +02:00			`service: sysmon`