You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
wmi_consumer_type vs CONSUMER wmi_consume_name vs ESS
We might need to extract and modify fields from the built-in. But I believe that most of the info are present on the EventID: 5861. Was it done on purpose?
The text was updated successfully, but these errors were encountered:
Their might be a mismatch between 2 log definition related to WMI events.
For example:
Sysmon EventID: 20https://github.com/OTRF/OSSEM/blob/a47073b4a9fd51198880d87976d589fde9b03e1f/source/data_dictionaries/windows/sysmon/events/event-20.yml
WMI EventID: 5861https://github.com/OTRF/OSSEM/blob/a47073b4a9fd51198880d87976d589fde9b03e1f/source/data_dictionaries/windows/etw-providers/Microsoft-Windows-WMI-Activity/events/event-5861.yml
wmi_consumer_typevsCONSUMERwmi_consume_namevsESSWe might need to extract and modify fields from the built-in. But I believe that most of the info are present on the
EventID: 5861. Was it done on purpose?The text was updated successfully, but these errors were encountered: