valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Ref #933 - Added windows Process Creation to config

Browse Source
This commit is contained in:
Sander 2020-07-16 13:16:57 +02:00
parent 254942e4c3
commit 6c35a7afa0
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tools/config/winlogbeat-modules-enabled.yml
View File

@ -29,6 +29,11 @@ logsources:
service: sysmon
conditions:
winlog.channel: 'Microsoft-Windows-Sysmon/Operational'
windows-process-creation:
product: windows
category: process_creation
conditions:
winlog.event_id: '1'
windows-dns-server:
product: windows
service: dns-server

5
tools/config/winlogbeat.yml
View File

@ -28,6 +28,11 @@ logsources:
service: sysmon
conditions:
winlog.channel: 'Microsoft-Windows-Sysmon/Operational'
windows-process-creation:
product: windows
category: process_creation
conditions:
winlog.event_id: '1'
windows-dns-server:
product: windows
service: dns-server