adding file event filter

2021-12-06 20:50:20 +00:00
parent 76a3dda786
commit ea511bd761
1 changed files with 6 additions and 0 deletions
@@ -174,6 +174,12 @@ logsources:
   conditions:
     product_name: "Sysmon"
     vendor_id: "23"
+ windows-file-event:
+   product: windows
+   category: file_event
+   conditions:
+     product_name: "Sysmon"
+     vendor_id: 11
 windows-wmi-sysmon:
   product: windows
   category: wmi_event