security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add missing WinEventLog prefix

Browse Source
This commit is contained in:
frack113
2022-03-05 11:35:49 +01:00
parent a6ed1a3fb8
commit 87a0bed0ec
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/config/splunk-windows.yml
+3 -3
View File
@@ -111,7 +111,7 @@ logsources:
product: windows
service: codeintegrity-operational
conditions:
source: 'Microsoft-Windows-CodeIntegrity/Operational'
source: 'WinEventLog:Microsoft-Windows-CodeIntegrity/Operational'
windows-smbclient-security:
product: windows
service: smbclient-security
@@ -126,11 +126,11 @@ logsources:
product: windows
service: firewall-as
conditions:
source: 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
source: 'WinEventLog:Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
windows-bits-client:
product: windows
service: bits-client
conditions:
source: 'Microsoft-Windows-Bits-Client/Operational'
source: 'WinEventLog:Microsoft-Windows-Bits-Client/Operational'
fieldmappings:
EventID: EventCode