From 7fb2e2b845d4e901be705edd299f141580311d87 Mon Sep 17 00:00:00 2001
From: Pushkarev Dmitry
Date: Mon, 13 Jul 2020 20:29:13 +0000
Subject: [PATCH] Added AppLocker log source
---
 tools/config/powershell.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tools/config/powershell.yml b/tools/config/powershell.yml
index c22cdc99b..e116f0cd1 100644
--- a/tools/config/powershell.yml
+++ b/tools/config/powershell.yml
@@ -74,3 +74,12 @@ logsources:
 service: windefend
 conditions:
 LogName: 'Microsoft-Windows-Windows Defender/Operational'
+ windows-applocker:
+ product: windows
+ service: applocker
+ conditions:
+ LogName:
+ - 'Microsoft-Windows-AppLocker/MSI and Script'
+ - 'Microsoft-Windows-AppLocker/EXE and DLL'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Deployment'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Execution'
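Review bot: The new `windows-applocker` entry gives `LogName` as a four-item list, while the `windefend` entry just above it in the hunk uses a single string, so it is worth confirming that the PowerShell backend reading this config renders a list-valued condition correctly (the backend code is not visible here). If it only handles scalars, rules with `service: applocker` could end up querying the wrong channel or none, and the detection would fail without any error. I would also add a comment above the entry such as `# AppLocker channels are only populated when an AppLocker policy is in audit or enforce mode`, so that an empty result is not read as absence of activity. The `logsources` mapping starts before this hunk.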