trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Chris Long
2017-12-11 08:49:25 -08:00
commit 1577341ce9
157 changed files with 5271 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Vagrant/resources/splunk_forwarder/inputs.conf Executable file
View File

@@ -0,0 +1,29 @@
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
index = sysmon
disabled = false
renderXml = true
[monitor://c:\programdata\osquery\log\osqueryd.results.log]
index = osquery
disabled = false
sourcetype = osquery:json
[monitor://c:\programdata\osquery\log\osqueryd.snapshots.log]
index = osquery
disabled = false
sourcetype = osquery:json
[monitor://c:\programdata\osquery\log\osqueryd.INFO.*]
index = osquery-status
disabled = false
sourcetype = osquery-info:syslog
[monitor://c:\programdata\osquery\log\osqueryd.WARNING.*]
index = osquery-status
disabled = false
sourcetype = osquery-warn:syslog
[monitor://c:\programdata\osquery\log\osqueryd.ERROR.*]
index = osquery-status
disabled = false
sourcetype = osquery-error:syslog