CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-12 12:12:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
43ec897397bb788df65df76987f98dc6fe285d11
securityonion/salt/elasticfleet/files/integrations/endpoints-initial/windows-endpoints.json
Josh Brower 4c4b873eca Add integrations and cleanup
2023-04-19 09:04:33 -04:00

60 lines
1.4 KiB
JSON
Raw Blame History

{
"package": {
"name": "windows",
"version": "1.19.1"
},
"name": "windows-endpoints",
"namespace": "default",
"policy_id": "endpoints-initial",
"inputs": {
"windows-winlog": {
"enabled": true,
"streams": {
"windows.forwarded": {
"enabled": true,
"vars": {
"preserve_original_event": false,
"ignore_older": "72h",
"language": 0,
"tags": [
"forwarded"
]
}
},
"windows.powershell": {
"enabled": true,
"vars": {
"preserve_original_event": false,
"event_id": "400, 403, 600, 800",
"ignore_older": "72h",
"language": 0,
"tags": []
}
},
"windows.powershell_operational": {
"enabled": true,
"vars": {
"preserve_original_event": false,
"event_id": "4103, 4104, 4105, 4106",
"ignore_older": "72h",
"language": 0,
"tags": []
}
},
"windows.sysmon_operational": {
"enabled": true,
"vars": {
"preserve_original_event": false,
"ignore_older": "72h",
"language": 0,
"tags": []
}
}
}
},
"windows-windows/metrics": {
"enabled": false
}
}
}
Reference in New Issue View Git Blame Copy Permalink