mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 09:48:58 +00:00
20 lines
371 B
YAML
20 lines
371 B
YAML
|
title: Splunk Windows log source conditions
|
||
|
|
order: 20
|
||
|
|
backends:
|
||
|
|
- crowdstrike
|
||
|
|
logsources:
|
||
|
|
windows-sysmon:
|
||
|
|
product: windows
|
||
|
|
service: sysmon
|
||
|
|
conditions:
|
||
|
|
EventID: 1
|
||
|
|
process_creation_1:
|
||
|
|
category: process_creation
|
||
|
|
product: windows
|
||
|
|
|
||
|
|
fieldmappings:
|
||
|
|
EventID: EventID
|
||
|
|
CommandLine: Commandline
|
||
|
|
Command_Line: Commandline
|
||
|
|
Image: ImageFileName
|