vh
20 lines
371 B
YAML
20 lines
371 B
YAML
title: Splunk Windows log source conditions
|
|
order: 20
|
|
backends:
|
|
- crowdstrike
|
|
logsources:
|
|
windows-sysmon:
|
|
product: windows
|
|
service: sysmon
|
|
conditions:
|
|
EventID: 1
|
|
process_creation_1:
|
|
category: process_creation
|
|
product: windows
|
|
|
|
fieldmappings:
|
|
EventID: EventID
|
|
CommandLine: Commandline
|
|
Command_Line: Commandline
|
|
Image: ImageFileName
|