{
  "package": {
    "name": "windows",
    "version": ""
  },
  "name": "windows-endpoints",
  "namespace": "default",
  "policy_id": "endpoints-initial",
  "inputs": {
    "windows-winlog": {
      "enabled": true,
      "streams": {
        "windows.forwarded": {
          "enabled": true,
          "vars": {
            "preserve_original_event": false,
            "ignore_older": "72h",
            "language": 0,
            "tags": [
              "forwarded"
            ]
          }
        },
        "windows.powershell": {
          "enabled": true,
          "vars": {
            "preserve_original_event": false,
            "event_id": "400, 403, 600, 800",
            "ignore_older": "72h",
            "language": 0,
            "tags": []
          }
        },
        "windows.powershell_operational": {
          "enabled": true,
          "vars": {
            "preserve_original_event": false,
            "event_id": "4103, 4104, 4105, 4106",
            "ignore_older": "72h",
            "language": 0,
            "tags": []
          }
        },
        "windows.sysmon_operational": {
          "enabled": true,
          "vars": {
            "preserve_original_event": false,
            "ignore_older": "72h",
            "language": 0,
            "tags": []
          }
        }
      }
    },
    "windows-windows/metrics": {
      "enabled": false
    }
  }
}