trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into update_gpo_ena

Browse Source
This commit is contained in:
Chris Long
2020-05-03 17:13:59 -07:00
committed by GitHub
parent aeecd1b756 9e9120f02b
commit 23e8e288f9
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Vagrant/resources/splunk_forwarder/wef_inputs.conf
View File

@@ -140,6 +140,7 @@ disabled = 0
start_from = oldest start_from = oldest
current_only = 0 current_only = 0
checkpointInterval = 5 checkpointInterval = 5
blacklist1 = EventCode="4798" Message=".+Process Name:.+\\osqueryd\\osqueryd.exe"
[WinEventLog://WEC3-Windows-Diagnostics] [WinEventLog://WEC3-Windows-Diagnostics]
sourcetype = WinEventLog:System sourcetype = WinEventLog:System

2
Vagrant/resources/splunk_server/transforms.conf
View File

@@ -22,4 +22,4 @@ FORMAT = nullQueue
[autoruns_wineventlog_null] [autoruns_wineventlog_null]
REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1" REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
DEST_KEY = queue DEST_KEY = queue
FORMAT = nullQueue FORMAT = nullQueue