Windows eventchannel enhancement #2142

Merged
merged 59 commits into from Dec 31, 2018

cristgl commented Dec 19, 2018

This PR solves issue #905, adding new Windows event processing to get the data in JSON format.

cristgl commented Dec 28, 2018

The channels added by default in the ossec.conf file are Security, System and Application; nevertheless, the ruleset contains some more channels, but maybe adding these ones to the configuration file could cause flooding. The extra channels are:

  • Microsoft-Windows-Sysmon/Operational
  • Microsoft Antimalware
  • Microsoft-Windows-Windows Defender/Operational
  • Microsoft-Windows-Eventlog
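As an added illustration (not a file from this PR or from the Wazuh project), the following ossec.conf fragment registers the three default channels named in the comment above and one of the extra channels, Microsoft-Windows-Sysmon/Operational. The `<localfile>`, `<location>`, `<log_format>eventchannel</log_format>` and `<query>` elements are documented Wazuh localfile options; the XPath filter and the event IDs it selects (Sysmon 1 = process creation, 3 = network connection) are constructed for this example and are one way to keep an extra channel from flooding the agent and manager, which is the concern raised above:

```xml
<ossec_config>
  <!-- Default channels: collected without filtering -->
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
  </localfile>
  <localfile>
    <location>System</location>
    <log_format>eventchannel</log_format>
  </localfile>
  <localfile>
    <location>Application</location>
    <log_format>eventchannel</log_format>
  </localfile>

  <!-- Extra channel from the ruleset, restricted with an XPath query so that
       only the high-value Sysmon events are forwarded (constructed filter:
       EventID 1 = ProcessCreate, EventID 3 = NetworkConnect). Without a
       query, a busy host can emit thousands of Sysmon events per minute. -->
  <localfile>
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>eventchannel</log_format>
    <query>Event/System[EventID=1 or EventID=3]</query>
  </localfile>
</ossec_config>
```

The query uses the same XPath dialect as the Windows Event Viewer's "Filter Current Log" XML tab, so a filter can be tested there against the live channel before it is committed to ossec.conf. Leaving a channel out of the configuration entirely means the matching rules in the ruleset never fire; registering it with a narrow query keeps the detections while bounding the volume.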

@chemamartinez chemamartinez force-pushed the fix-windows-dec branch from 55b43aa to 3b89529 Dec 31, 2018

chemamartinez left a comment

GJ @cristgl !!

@chemamartinez chemamartinez merged commit 66e4bb6 into 3.8 Dec 31, 2018

@chemamartinez chemamartinez deleted the fix-windows-dec branch Dec 31, 2018

@vikman90 vikman90 referenced this pull request Jan 7, 2019

Closed

Rule tests won't match #2215
