SigmaHQ/tools/config/splunk-windows-index.yml

title: Splunk Windows index and EventID field mapping
order: 20
backends:
  - splunk
  - splunkxml
logsources:
  windows:
    product: windows
    index: windows
fieldmappings:
    EventID: EventCode
Added title to all configurations 2019-05-16 21:33:51 +00:00			`title: Splunk Windows index and EventID field mapping`
Configuration order checking 2019-04-22 22:54:10 +00:00			`order: 20`
Check for valid configuration/backend combinations 2019-05-19 23:00:33 +00:00			`backends:`
			`- splunk`
			`- splunkxml`
Added test cases * Generic log sources * Splunk index queries 2018-10-15 13:24:18 +00:00			`logsources:`
			`windows:`
			`product: windows`
			`index: windows`
			`fieldmappings:`
			`EventID: EventCode`