trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixing Splunk regex

Browse Source
This commit is contained in:
Chris Long
2020-05-02 22:20:48 -07:00
committed by GitHub
parent c8514a49a4
commit b314066e06
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Vagrant/resources/splunk_server/transforms.conf
View File

@@ -20,11 +20,11 @@ DEST_KEY = queue
FORMAT = nullQueue FORMAT = nullQueue
[osqueryd_wineventlog_null] [osqueryd_wineventlog_null]
REGEX = "Process_Name=C:\\Program Files\\osquery\\osqueryd\\osqueryd.exe" REGEX = "Process\sName:\s+C:\\Program Files\\osquery\\osqueryd\\osqueryd.exe""
DEST_KEY = queue DEST_KEY = queue
FORMAT = nullQueue FORMAT = nullQueue
[autoruns_wineventlog_null] [autoruns_wineventlog_null]
REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1" REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
DEST_KEY = queue DEST_KEY = queue
FORMAT = nullQueue FORMAT = nullQueue