Added rules for different sysmon categories and added the category definition

2020-06-10 15:02:15 +02:00
parent 565febd39d
commit 423baafa2a
1 changed files with 60 additions and 0 deletions
@@ -9,3 +9,63 @@ logsources:
        rewrite:
            product: windows
            service: sysmon
+    network_connection:
+        category: network_connection
+        product: windows
+        conditions:
+            EventID: 3
+        rewrite:
+            product: windows
+            service: sysmon
+    registry_event:
+        category: registry_event
+        product: windows
+        conditions:
+            EventID: 
+                - 12 
+                - 13 
+                - 14
+        rewrite:
+            product: windows
+            service: sysmon
+    file_creation:
+        category: file_creation
+        product: windows
+        conditions:
+            EventID: 11
+        rewrite:
+            product: windows
+            service: sysmon
+    process_access:
+        category: process_access
+        product: windows
+        conditions:
+            EventID: 10
+        rewrite:
+            product: windows
+            service: sysmon
+    image_loaded:
+        category: image_loaded
+        product: windows
+        conditions:
+            EventID: 7
+        rewrite:
+            product: windows
+            service: sysmon
+    driver_loaded:
+        category: driver_loaded
+        product: windows
+        conditions:
+            EventID: 6
+        rewrite:
+            product: windows
+            service: sysmon
+    process_terminated:
+        category: process_terminated
+        product: windows
+        conditions:
+            EventID: 5
+        rewrite:
+            product: windows
+            service: sysmon
+