mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 17:58:52 +00:00
55 lines
1.3 KiB
YAML
55 lines
1.3 KiB
YAML
logsources:
|
|
windows-application:
|
|
product: windows
|
|
service: application
|
|
sources:
|
|
- 'WinEventLog:Application'
|
|
windows-security:
|
|
product: windows
|
|
service: security
|
|
sources:
|
|
- 'WinEventLog:Security'
|
|
windows-system:
|
|
product: windows
|
|
service: system
|
|
sources:
|
|
- 'WinEventLog:System'
|
|
windows-sysmon:
|
|
product: windows
|
|
service: sysmon
|
|
sources:
|
|
- 'WinEventLog:Microsoft-Windows-Sysmon/Operational'
|
|
windows-powershell:
|
|
product: windows
|
|
service: powershell
|
|
sources:
|
|
- 'WinEventLog:Microsoft-Windows-PowerShell/Operational'
|
|
windows-taskscheduler:
|
|
product: windows
|
|
service: taskscheduler
|
|
sources:
|
|
- 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
|
|
windows-wmi:
|
|
product: windows
|
|
service: wmi
|
|
sources:
|
|
- 'WinEventLog:Microsoft-Windows-WMI-Activity/Operational'
|
|
apache:
|
|
category: webserver
|
|
sources:
|
|
- 'File:/var/log/apache/*.log'
|
|
- 'File:/var/log/apache2/*.log'
|
|
- 'File:/var/log/httpd/*.log'
|
|
linux-auth:
|
|
product: linux
|
|
service: auth
|
|
sources:
|
|
- 'File:/var/log/auth.log'
|
|
- 'File:/var/log/auth.log.?' # auth.log.1, auth.log.2, ...
|
|
linux-syslog:
|
|
product: linux
|
|
service: syslog
|
|
sources:
|
|
- 'File:/var/log/syslog'
|
|
- 'File:/var/log/syslog.?' # syslog.1, syslog.2 ...
|