Commit

added extra event ID for malicious content review
adworjan committed Oct 17, 2023
1 parent 8dce4c5 commit 2a09fbd
Showing 3 changed files with 14 additions and 14 deletions.
2 changes: 1 addition & 1 deletion .ansible-sign/sha256sum.txt
Expand Up @@ -53,7 +53,7 @@ fba914c608f1a6ccdad971355139b98f0670fc8e7d51d13dca7a6e65bdc82429 roles/snort_bu
eec62140ff6f456fb2fd45adaa8f69866c23ca8ec124ab1abfea08bcca7dccc6 roles/winlogbeat/defaults/main.yml
a06c3bed9503b47cfa11d61ff3609dde83b4599b522160f5e14f13088df5ebaf roles/winlogbeat/handlers/main.yml
9780c8e92510aba03fff312c5cc461d8f1b866b269311e16628da76a95bfbafb roles/winlogbeat/tasks/main.yml
e660b5b443d6d5eb425109179d47772f67c9127925888cb5b7e09ada2112b652 roles/winlogbeat/templates/winlogbeat.yml.j2
862d892300d6fa0c92d6272448c9ebfbb11087845d2d05b9f43d27041a4d05ba roles/winlogbeat/templates/winlogbeat.yml.j2
f15fd50d2ee1d7cd5043153a707948b5897de8b1a544b226b33d493f4fe98f95 snortbuildconfig.yml
117d2f3e9d48d0d59d5dcfca9c9829295c1039c7204784c68978778db75e288a templates/cpu-rules.yml.j2
ff3bc0d052a72eb88bf093b9a2b9f31946032ab78dc7c4c742017f161f38763f templates/disk-rules.yml.j2
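Review bot: the only checksum that changes here is the one for roles/winlogbeat/templates/winlogbeat.yml.j2, which matches the one template edited in this commit, so the manifest is consistent with the content change. Since .ansible-sign/sha256sum.txt is the signed manifest that ansible-sign verifies against, this file must be regenerated together with the .sig file in the same commit (as is done below); a manifest update without a matching signature update, or vice versa, would make the project fail verification.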
22 changes: 11 additions & 11 deletions .ansible-sign/sha256sum.txt.sig
@@ -1,14 +1,14 @@
-----BEGIN PGP SIGNATURE-----
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=EYzE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=DZdl
-----END PGP SIGNATURE-----
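Review bot: the detached signature is fully replaced, which is expected after the manifest changed, but nothing in the diff shows which key produced it. Before merging, verify the new sha256sum.txt.sig against the committed sha256sum.txt with the key the automation controller trusts, so that a re-sign with a different or unexpected key does not slip in under a content-only commit message.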
4 changes: 2 additions & 2 deletions roles/winlogbeat/templates/winlogbeat.yml.j2
Expand Up @@ -18,10 +18,10 @@ winlogbeat.event_logs:
- name: Microsoft-Windows-Sysmon/Operational

- name: Windows PowerShell
event_id: 400, 403, 600, 800
event_id: 200, 400, 403, 500, 501, 600, 800

- name: Microsoft-Windows-PowerShell/Operational
event_id: 4103, 4104, 4105, 4106
event_id: 4100, 4103, 4104, 4105, 4106

- name: ForwardedEvents
tags: [forwarded]
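Review bot: the added event IDs (200, 500, 501 for the classic Windows PowerShell log and 4100 for Microsoft-Windows-PowerShell/Operational) are not documented in the template, and the commit message only says "malicious content review"; add a Jinja or YAML comment next to each event_id line naming what the IDs are so the next maintainer can judge the filter. Also note that the classic 500/501 command lifecycle events are only written when the host has the $LogCommandLifecycleEvent preference enabled, so adding them to the Winlogbeat filter will not produce any records on hosts where that is not configured; the corresponding host-side setting should be documented or enforced by the role.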