 Ben de Haan
|
dddb83393d
|
Added field mappings for events with logins
|
2017-03-30 10:49:36 +02:00 |
|
|
Ben de Haan
|
cb9a9bc2ff
|
Added LogPoint conditional username mapping
Conditional mapping of SubjectAccountName based on EventID. Not a comprehensive list, but should include most relevant Event IDs.
|
2017-03-30 09:51:32 +02:00 |
|
|
Thomas Patzke
|
9698e8fdf7
|
Changed Logpoint SubjectAccountName mapping to conditional mapping
|
2017-03-25 00:27:29 +01:00 |
|
|
Thomas Patzke
|
a4465ce844
|
Added 1:n field mapping
MultiFieldMapping
|
2017-03-24 00:58:11 +01:00 |
|
|
Florian Roth
|
7e180365ab
|
PowerShell Classic Log in Splunk Config Example
|
2017-03-22 11:17:46 +01:00 |
|
|
Ben de Haan
|
c3c405a95e
|
LogPoint windows mapping
|
2017-03-20 16:57:19 +01:00 |
|
|
Florian Roth
|
f292a259a5
|
Adjusted Windows Splunk Config
|
2017-03-18 13:12:31 +01:00 |
|
|
Thomas Patzke
|
17c484163d
|
Improved examples
|
2017-03-18 00:03:21 +01:00 |
|
|
Thomas Patzke
|
b4f52d9cfb
|
Windows index in Splunk example configuration
|
2017-03-17 23:30:11 +01:00 |
|
|
Florian Roth
|
dc00baacda
|
Splunk Windows Configuration Example
|
2017-03-17 10:00:56 +01:00 |
|
|
Thomas Patzke
|
d2a9a91175
|
Log source conditions are integrated in generated expressions
Indices not yet included
|
2017-03-14 23:22:32 +01:00 |
|
|
Thomas Patzke
|
52d7e9fc07
|
Parsing log sources in configuration files
|
2017-03-12 23:12:21 +01:00 |
|
|
Florian Roth
|
b93379a6a9
|
Config example: sysmon / logstash index
|
2017-03-07 10:09:43 +01:00 |
|