trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add some Splunk nullQueues for noisy events

Browse Source
This commit is contained in:
Chris Long
2020-04-18 15:59:54 -07:00
parent c238b8e21f
commit d1d0566773
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Vagrant/resources/splunk_server/props.conf
View File

@@ -21,4 +21,8 @@ TIME_FORMAT = %s
TRUNCATE = 0
[osquery:status]
TRANSFORMS-null = setnull
TRANSFORMS-null = setnull
[WinEventLog]
TRANSFORMS-null = osqueryd_wineventlog_null
TRANSFORMS-null = autoruns_wineventlog_null