trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
34d8a39c43c03eecc91142d02ace1d5143336b1e
DetectionLab/Vagrant/resources/splunk_server/props.conf
Chris Long 34d8a39c43 Multiple bugfixes, add dashboard
2020-03-27 14:53:04 -07:00

22 lines
551 B
Plaintext
Raw Blame History

[source::WinEventLog:*]
TRANSFORMS-host = wef_computername_as_host
[powershell_transcript]
TRANSFORMS-powershell_rename_host = powershell_rename_host
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)THISDOESNTEXIST
DATETIME_CONFIG =
NO_BINARY_CHECK = true
TIME_FORMAT = %Y%m%d%H%M%S
TIME_PREFIX = Start time:\s
category = Custom
pulldown_type = true
TRUNCATE = 0
[osquery:json]
TRANSFORMS-osquery_host = osquery_hostidentifier_as_host
TRANSFORMS-null = setnull
TIME_PREFIX = \"unixTime\"\:
MAX_TIMESTAMP_LOOKAHEAD = 500
TIME_FORMAT = %s
TRUNCATE = 0
Reference in New Issue View Git Blame Copy Permalink