security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb690d8902cd89698eccec930b7febaaac9efb01
blue-team-tools/tools/config/generic/sysmon.yml
T
Thomas Patzke d81946df39 Stacked configurations 
- Added log source rewriting
- Removed log source merging condition type setting
- Simplified SigmaLogsourceConfiguration constructor
- Condition is generated in SigmaParser instead of SigmaLogsourceConfiguration

Missing:
- Merging of raw config dict for backends that rely on this (es-dsl)
2018-09-12 23:40:22 +02:00

10 lines
211 B
YAML
Raw Blame History

logsources:
process_creation:
category: process_creation
product: windows
conditions:
EventID: 1
rewrite:
product: windows
service: sysmon
Reference in New Issue View Git Blame Copy Permalink