valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Removed some spaces and added Win 10 WMI eventlog

Browse Source
This commit is contained in:
Florian Roth 2017-08-22 10:04:56 +02:00
parent 59821d1bcb
commit edf2787402
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tools/config/splunk-windows-all.yml
View File

@ -28,12 +28,17 @@ logsources:
product: windows
service: powershell-classic
conditions:
source: 'Windows PowerShell'
source: 'Windows PowerShell'
windows-powershell:
product: windows
service: taskscheduler
conditions:
source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
windows-wmi:
product: windows
service: wmi
conditions:
source: 'WinEventLog:Microsoft-Windows-WMI-Activity/Operational'
windows-dns-server:
product: windows
service: dns-server