2018-12-12 05:19:57 +00:00
|
|
|
title: DN_0000_some_name_here
|
2018-12-20 02:45:42 +00:00
|
|
|
description: >
|
2018-12-12 05:19:57 +00:00
|
|
|
Some text description here. It will be merged into one line.
|
2019-02-09 13:53:47 +00:00
|
|
|
loggingpolicy:
|
|
|
|
|
- LP_0000_some_logging_policy_name_here
|
2018-12-12 05:19:57 +00:00
|
|
|
references:
|
|
|
|
|
- http://something.com
|
2019-02-06 22:42:25 +00:00
|
|
|
category: OS Logs # HTTP Logs | DNS Logs | IDS/IPS/NGFW Alerts | Antivirus Alerts | Network Flows | etc
|
|
|
|
|
platform: Windows # Linux | Unix | macOS | Network
|
2019-02-09 22:39:17 +00:00
|
|
|
type: Windows Log # Applications and Services Logs | queries log | None
|
2019-02-06 22:42:25 +00:00
|
|
|
channel: Security # System | Microsoft-Windows-Sysmon/Operational | queries_log | None
|
|
|
|
|
provider: Microsoft-Windows-Security-Auditing # Microsoft-Windows-Eventlog | BIND | <exact service/deamon name> | None
|
2018-12-12 05:19:57 +00:00
|
|
|
fields:
|
|
|
|
|
- hostname
|
|
|
|
|
- ip_address
|
|
|
|
|
- username
|
|
|
|
|
- etc
|
|
|
|
|
sample: |
|
|
|
|
|
raw log sample here
|
