Windows eventchannel enhancement #2142

merged 59 commits into from Dec 31, 2018



cristgl commented Dec 19, 2018

This PR solves issue #905, adding new Windows event processing to get the data in JSON format.



cristgl commented Dec 28, 2018

The channels added by default in the ossec.conf file are Security, System and Application. Nevertheless, the ruleset contains some more channels, but maybe adding these to the configuration file could cause flooding. The extra channels are:

  • Microsoft-Windows-Sysmon/Operational
  • Microsoft Antimalware
  • Microsoft-Windows-Windows Defender/Operational
  • Microsoft-Windows-Eventlog

@chemamartinez chemamartinez force-pushed the fix-windows-dec branch from 55b43aa to 3b89529 Dec 31, 2018


chemamartinez left a comment

GJ @cristgl !!

@chemamartinez chemamartinez merged commit 66e4bb6 into 3.8 Dec 31, 2018

@chemamartinez chemamartinez deleted the fix-windows-dec branch Dec 31, 2018

@vikman90 vikman90 referenced this pull request Jan 7, 2019


Rule tests won't match #2215
