mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-12 12:12:59 +01:00
60 lines
1.4 KiB
JSON
60 lines
1.4 KiB
JSON
{
|
|
"package": {
|
|
"name": "windows",
|
|
"version": ""
|
|
},
|
|
"name": "windows-endpoints",
|
|
"namespace": "default",
|
|
"policy_id": "endpoints-initial",
|
|
"inputs": {
|
|
"windows-winlog": {
|
|
"enabled": true,
|
|
"streams": {
|
|
"windows.forwarded": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"preserve_original_event": false,
|
|
"ignore_older": "72h",
|
|
"language": 0,
|
|
"tags": [
|
|
"forwarded"
|
|
]
|
|
}
|
|
},
|
|
"windows.powershell": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"preserve_original_event": false,
|
|
"event_id": "400, 403, 600, 800",
|
|
"ignore_older": "72h",
|
|
"language": 0,
|
|
"tags": []
|
|
}
|
|
},
|
|
"windows.powershell_operational": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"preserve_original_event": false,
|
|
"event_id": "4103, 4104, 4105, 4106",
|
|
"ignore_older": "72h",
|
|
"language": 0,
|
|
"tags": []
|
|
}
|
|
},
|
|
"windows.sysmon_operational": {
|
|
"enabled": true,
|
|
"vars": {
|
|
"preserve_original_event": false,
|
|
"ignore_older": "72h",
|
|
"language": 0,
|
|
"tags": []
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"windows-windows/metrics": {
|
|
"enabled": false
|
|
}
|
|
}
|
|
}
|