mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 18:22:47 +01:00
68 lines
1.6 KiB
JSON
68 lines
1.6 KiB
JSON
{
|
|
"policy_id": "endpoints-initial",
|
|
"package": {
|
|
"name": "windows",
|
|
"version": ""
|
|
},
|
|
"name": "windows-endpoints",
|
|
"description": "",
|
|
"namespace": "default",
|
|
"inputs": {
|
|
"windows-winlog": {
|
|
"enabled": true,
|
|
"streams": {
|
|
"windows.forwarded": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"tags": [
|
|
"forwarded"
|
|
],
|
|
"preserve_original_event": false
|
|
}
|
|
},
|
|
"windows.powershell": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"tags": [],
|
|
"preserve_original_event": false
|
|
}
|
|
},
|
|
"windows.powershell_operational": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"tags": [],
|
|
"preserve_original_event": false
|
|
}
|
|
},
|
|
"windows.sysmon_operational": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"tags": [],
|
|
"preserve_original_event": false
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"windows-windows/metrics": {
|
|
"enabled": false,
|
|
"streams": {
|
|
"windows.perfmon": {
|
|
"enabled": false,
|
|
"vars": {
|
|
"perfmon.group_measurements_by_instance": false,
|
|
"perfmon.ignore_non_existent_counters": false,
|
|
"perfmon.queries": "- object: 'Process'\n instance: [\"*\"]\n counters:\n - name: '% Processor Time'\n field: cpu_perc\n format: \"float\"\n - name: \"Working Set\"\n",
|
|
"period": "10s"
|
|
}
|
|
},
|
|
"windows.service": {
|
|
"enabled": false,
|
|
"vars": {
|
|
"period": "60s"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|