---
# Documentation-set configuration for the 'detection rules' project.
# Declares the owning product, the doc sets it may cross-link to, the files
# kept out of the build, the enabled extensions, and the table of contents.
project: 'detection rules'

products:
  - id: security

cross_links:
  - docs-content

# Files matching these patterns are left out of the build.
# NOTE(review): 'readme.md' is excluded here, yet a readme.md is listed under
# audit_policies/windows in the toc below. Confirm which setting wins for
# nested files, so the index page for the audit guides is not silently dropped.
exclude:
  - '_*.md'
  - 'readme.md'

extensions:
  - detection-rules

toc:
  # NOTE(review): detection_rules is presumably read by the detection-rules
  # extension enabled above to pull rule content into the docs; verify.
  # Both paths climb out of this file's directory, so the build reads content
  # from outside the docs tree. Confirm they resolve to the repository's rule
  # folders and nothing else.
  - file: index.md
    detection_rules: ['../rules', '../rules_building_block']

  # Windows logging guides, one page per audit setting or Sysmon event.
  # NOTE(review): these look like the telemetry prerequisites for the rules.
  # If so, a page missing from this list leaves readers without the setup
  # step, and a rule whose log source is never enabled stays silent. Keep the
  # list in sync with the files on disk.
  - folder: audit_policies/windows
    children:
      - file: readme.md

      # Windows audit policy settings
      - file: audit_authorization_policy_change.md
      - file: audit_computer_account_management.md
      - file: audit_detailed_file_share.md
      - file: audit_directory_service_access.md
      - file: audit_directory_service_changes.md
      - file: audit_filtering_platform_connection.md
      - file: audit_filtering_platform_packet_drop.md
      - file: audit_handle_manipulation.md
      - file: audit_logon.md
      - file: audit_other_object_access_events.md
      - file: audit_policy_change.md
      - file: audit_process_creation_and_command_line.md
      - file: audit_security_group_management.md
      - file: audit_security_system_extension.md
      - file: audit_sensitive_privilege_use.md
      - file: audit_special_logon.md
      - file: audit_token_right_adjusted_events.md
      - file: audit_user_account_management.md

      # PowerShell script block logging
      - file: audit_powershell_scriptblock.md

      # Sysmon events, named by event ID
      - file: sysmon_eventid1_process_creation.md
      - file: sysmon_eventid2_file_creation_time_changed.md
      - file: sysmon_eventid3_network_connection.md
      - file: sysmon_eventid7_image_loaded.md
      - file: sysmon_eventid8_createremotethread.md
      - file: sysmon_eventid10_process_access.md
      - file: sysmon_eventid11_file_create.md
      - file: sysmon_eventid12_13_14_registry_event.md
      - file: sysmon_eventid17_18_pipe_event.md
      - file: sysmon_eventid19_20_21_wmi_event.md
      - file: sysmon_eventid22_dns_query.md
      - file: sysmon_eventid23_file_delete.md