diff --git a/Vagrant/resources/splunk_forwarder/wef_inputs.conf b/Vagrant/resources/splunk_forwarder/wef_inputs.conf
index 35651dd..7690af9 100755
--- a/Vagrant/resources/splunk_forwarder/wef_inputs.conf
+++ b/Vagrant/resources/splunk_forwarder/wef_inputs.conf
@@ -140,6 +140,7 @@ disabled = 0
 start_from = oldest
 current_only = 0
 checkpointInterval = 5
+blacklist1 = EventCode="4798" Message=".+Process Name:.+\\osqueryd\\osqueryd.exe"
 [WinEventLog://WEC3-Windows-Diagnostics]
 sourcetype = WinEventLog:System
diff --git a/Vagrant/resources/splunk_server/transforms.conf b/Vagrant/resources/splunk_server/transforms.conf
index 7bc6532..66fb9bb 100644
--- a/Vagrant/resources/splunk_server/transforms.conf
+++ b/Vagrant/resources/splunk_server/transforms.conf
@@ -22,4 +22,4 @@ FORMAT = nullQueue
 [autoruns_wineventlog_null]
 REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
 DEST_KEY = queue
-FORMAT = nullQueue
\ No newline at end of file
+FORMAT = nullQueue
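Review bot: The new `blacklist1` drops every 4798 (local group membership enumerated) event whose Process Name merely ends in `\osqueryd\osqueryd.exe`, so a binary dropped at, say, `C:\Users\foo\osqueryd\osqueryd.exe` gets its group enumeration discarded at the forwarder before it is ever indexed, and a forwarder-side blacklist is not recoverable afterwards. Anchor the match to the full expected install path and escape the dot in `.exe`, e.g. `blacklist1 = EventCode="4798" Message="Process Name:\s+C:\\Program Files\\osquery\\osqueryd\\osqueryd\.exe"`, substituting whatever path this lab actually deploys osquery to (the path is not visible here). A comment above the key such as `# Drop 4798 noise from osqueryd's own group enumeration; keep the path fully anchored so look-alike binaries are still indexed` would record the trade-off for the next maintainer. The stanza this key belongs to starts above the hunk.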