{
  "package": {
    "name": "winlog",
    "version": ""
  },
  "name": "windows-defender",
  "namespace": "default",
  "description": "Windows Defender - Operational logs",
  "policy_id": "endpoints-initial",
  "inputs": {
    "winlogs-winlog": {
      "enabled": true,
      "streams": {
        "winlog.winlog": {
          "enabled": true,
          "vars": {
            "channel": "Microsoft-Windows-Windows Defender/Operational",
            "data_stream.dataset": "winlog.winlog",
            "preserve_original_event": false,
            "providers": [],
            "ignore_older": "72h",
            "language": 0,
            "tags": []          }
        }
      }
    }
  },
  "force": true
}