valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed Splunk configuration

Browse Source 
Substituted source: with sourcetype:
This commit is contained in:
Thomas Patzke 2017-05-26 00:13:30 +02:00
parent 0c222134b9
commit 18a9fd18ef
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tools/config/splunk-windows-all.yml
View File

@ -18,26 +18,26 @@ logsources:
product: windows
service: sysmon
conditions:
source: 'WinEventLog:Microsoft-Windows-Sysmon/Operational'
sourcetype: 'WinEventLog:Microsoft-Windows-Sysmon/Operational'
windows-powershell:
product: windows
service: powershell
conditions:
source: 'WinEventLog:Microsoft-Windows-PowerShell/Operational'
sourcetype: 'WinEventLog:Microsoft-Windows-PowerShell/Operational'
windows-classicpowershell:
product: windows
service: powershell-classic
conditions:
source: 'Windows PowerShell'
sourcetype: 'Windows PowerShell'
windows-powershell:
product: windows
service: taskscheduler
conditions:
source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
sourcetype: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
windows-dns-server:
product: windows
service: dns-server
conditions:
source: 'DNS Server'
sourcetype: 'DNS Server'
fieldmappings:
EventID: EventCode