add EventID 26

2021-09-29 08:53:22 +02:00
parent 41f0fe6b52
commit 424b0263df
1 changed files with 3 additions and 1 deletions
@@ -143,7 +143,9 @@ logsources:
        category: file_delete
        product: windows
        conditions:
-            EventID: 23
+            EventID: 
+                - 23
+                - 26
        rewrite:
            product: windows
            service: sysmon