From a58e03750934b015bc144c1e7dfb8a135a3c86ea Mon Sep 17 00:00:00 2001
From: Pushkarev Dmitry
Date: Mon, 13 Jul 2020 20:30:02 +0000
Subject: [PATCH] Added AppLocker log source
---
 tools/config/powershell-windows-all.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tools/config/powershell-windows-all.yml b/tools/config/powershell-windows-all.yml
index 8464ade07..e7bf8ae9c 100644
--- a/tools/config/powershell-windows-all.yml
+++ b/tools/config/powershell-windows-all.yml
@@ -60,3 +60,12 @@ logsources:
 service: ntlm
 conditions:
 LogName: 'Microsoft-Windows-NTLM/Operational'
+ windows-applocker:
+ product: windows
+ service: applocker
+ conditions:
+ LogName:
+ - 'Microsoft-Windows-AppLocker/MSI and Script'
+ - 'Microsoft-Windows-AppLocker/EXE and DLL'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Deployment'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Execution'
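Review bot: `LogName` in the new `windows-applocker` entry is a list of four channels, while the neighbouring `ntlm` entry in the context lines uses a single string, so it is worth confirming that the PowerShell backend turns a list under `conditions` into an OR across channels; nothing visible in this hunk shows that. These channels only carry events on hosts where an AppLocker policy is in audit or enforce mode and the Application Identity service is running, so rules using `service: applocker` will return nothing elsewhere. A comment above the entry such as `# AppLocker logs are empty unless a policy is in audit/enforce mode and AppIDSvc is running` would keep an analyst from reading an empty result as a clean one. Other backend configs under `tools/config/` presumably need the same mapping for such rules to convert, and this patch changes only this one file.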