trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Implementing blacklist on wef_inputs.conf

Browse Source 
Resolving Issue #436
This commit is contained in:
Chris Long
2020-05-03 17:08:22 -07:00
committed by GitHub
parent f0a7b1481f
commit 9e9120f02b
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Vagrant/resources/splunk_forwarder/wef_inputs.conf
View File

@@ -140,6 +140,7 @@ disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
blacklist1 = EventCode="4798" Message=".+Process Name:.+\\osqueryd\\osqueryd.exe"
[WinEventLog://WEC3-Windows-Diagnostics]
sourcetype = WinEventLog:System