trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update transforms.conf

Browse Source
This commit is contained in:
Chris Long
2020-08-12 23:02:59 -07:00
committed by GitHub
parent 83f5bf601c
commit 769dabf8a6
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Vagrant/resources/splunk_server/transforms.conf
View File

@@ -23,3 +23,15 @@ FORMAT = nullQueue
REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
DEST_KEY = queue
FORMAT = nullQueue
[removeEventDesc1]
LOOKAHEAD = 20000
REGEX = (?msi)(.*)This event is generated
DEST_KEY = _raw
FORMAT = $1
[removeEventDesc2]
LOOKAHEAD = 20000
REGEX = (?msi)(.*)The subject fields indicate
DEST_KEY = _raw
FORMAT = $1