Added AppLocker log source

2020-07-13 20:30:02 +00:00
parent 7fb2e2b845
commit a58e037509
1 changed files with 9 additions and 0 deletions
@@ -60,3 +60,12 @@ logsources:
    service: ntlm
    conditions:
      LogName: 'Microsoft-Windows-NTLM/Operational'
+  windows-applocker:
+    product: windows
+    service: applocker
+    conditions:
+      LogName:
+        - 'Microsoft-Windows-AppLocker/MSI and Script'
+        - 'Microsoft-Windows-AppLocker/EXE and DLL'
+        - 'Microsoft-Windows-AppLocker/Packaged app-Deployment'
+        - 'Microsoft-Windows-AppLocker/Packaged app-Execution'