trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add transforms to remove eventid description text

Browse Source
This commit is contained in:
Chris Long
2020-08-12 23:02:33 -07:00
committed by GitHub
parent 0bf5a631fa
commit 83f5bf601c
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Vagrant/resources/splunk_server/props.conf
View File

@@ -1,5 +1,8 @@
[source::WinEventLog:*] [source::WinEventLog:*]
TRANSFORMS-host = wef_computername_as_host TRANSFORMS-host = wef_computername_as_host
TRANSFORMS-removedescription1 = removeEventDesc1
TRANSFORMS-removedescription2 = removeEventDesc2
TRANSFORMS-null = autoruns_wineventlog_null
[powershell_transcript] [powershell_transcript]
TRANSFORMS-powershell_rename_host = powershell_rename_host TRANSFORMS-powershell_rename_host = powershell_rename_host
@@ -23,5 +26,3 @@ TRUNCATE = 0
[osquery:status] [osquery:status]
TRANSFORMS-null = osquery_status_filter TRANSFORMS-null = osquery_status_filter
[WinEventLog]
TRANSFORMS-null = autoruns_wineventlog_null