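# Output profiles. Each top-level key names a profile; the keys beneath it are
# the output column headers, in order, and each value is a "%Alias%" placeholder
# that the consuming tool presumably expands per event (the alias set is not
# defined on this page). Every profile starts from the columns of `minimal`;
# the larger profiles insert or append columns, so column order is part of the
# contract for anything that parses the output by position.

# Smallest form: when and where the event fired, which rule matched, and the
# extracted Details. It carries no record identifier or file name, so a hit
# cannot be traced back to its source record from this output alone.
minimal:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"

# minimal plus, after Level, the MITRE ATT&CK tags (Tags) and the record
# identifier (RecordID) — presumably the event record number, which is what an
# analyst needs to pivot from a hit back to the original log entry.
standard:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    Tags: "%MitreAttack%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"

# standard plus two provenance columns appended at the end: the rule file that
# produced the hit and the .evtx file it was read from, so a result can be tied
# to both the detection logic and the evidence source.
verbose-1:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    Tags: "%MitreAttack%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"
    RuleFile: "%RuleFile%"
    EvtxFile: "%EvtxFile%"

# standard plus AllFieldInfo (the full record information) appended at the end.
# Note it does NOT include verbose-1's RuleFile/EvtxFile columns; pick
# verbose-1 for provenance and verbose-2 for the complete event content.
# Expect the widest rows of the four profiles.
verbose-2:
    Timestamp: "%Timestamp%"
    Computer: "%Computer%"
    Channel: "%Channel%"
    EventID: "%EventID%"
    Level: "%Level%"
    Tags: "%MitreAttack%"
    RecordID: "%RecordID%"
    RuleTitle: "%RuleTitle%"
    Details: "%Details%"
    AllFieldInfo: "%RecordInformation%"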