Olaf Hartong olafhartong
olafhartong
/ sysmon-logman.xml
Created
August 16, 2018 19:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <DataCollectorSet><Status>0</Status><Duration>0</Duration><Description/><DescriptionUnresolved/><DisplayName/><DisplayNameUnresolved/><SchedulesEnabled>-1</SchedulesEnabled><LatestOutputLocation>C:\temp\</LatestOutputLocation><Name>sysmon</Name><OutputLocation>D:\temp\</OutputLocation><RootPath>D:\temp</RootPath><Segment>0</Segment><SegmentMaxDuration>0</SegmentMaxDuration><SegmentMaxSize>0</SegmentMaxSize><SerialNumber>7</SerialNumber><Server/><Subdirectory/><SubdirectoryFormat>1</SubdirectoryFormat><SubdirectoryFormatPattern/><Task/><TaskRunAsSelf>0</TaskRunAsSelf><TaskArguments/><TaskUserTextArguments/><UserAccount>SYSTEM</UserAccount><Security>O:BAG:DUD:AI(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;LU)(A;;0x1301ff;;;S-1-5-80-2661322625-712705077-2999183737-3043590567-590698655)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200ab;;;LU)(A;ID;FR;;;AU)(A;ID;FR;;;LS)(A;ID;FR;;;NS)</Security><StopOnCompletion>0</StopOnCompletion><PerformanceCounterDataCollector><DataCollectorType>0</DataCollectorType><Name>System Monitor Log</Name> |
olafhartong
/ sysmon-8-schema
Created
July 6, 2018 05:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <manifest schemaversion="4.1" binaryversion="8.00"> | |
| <configuration> | |
| <options> | |
| <!-- Command-line only options --> | |
| <option switch="i" name="Install" argument="optional" noconfig="true" exclusive="true" /> | |
| <option switch="c" name="Configuration" argument="optional" noconfig="true" exclusive="true" /> | |
| <option switch="u" name="UnInstall" argument="none" noconfig="true" exclusive="true" /> | |
| <option switch="m" name="Manifest" argument="none" noconfig="true" exclusive="true" /> | |
| <option switch="t" name="DebugMode" argument="none" noconfig="true" /> | |
| <option switch="s" name="PrintSchema" argument="optional" noconfig="true" exclusive="true" /> |
olafhartong
/ sysmon-7-schema.xml
Created
June 7, 2018 19:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <manifest schemaversion="4.0" binaryversion="1.01"> | |
| <configuration> | |
| <options> | |
| <!-- Command-line only options --> | |
| <option switch="i" name="Install" argument="optional" noconfig="true" exclusive="true" /> | |
| <option switch="c" name="Configuration" argument="optional" noconfig="true" exclusive="true" /> | |
| <option switch="u" name="UnInstall" argument="none" noconfig="true" exclusive="true" /> | |
| <option switch="m" name="Manifest" argument="none" noconfig="true" exclusive="true" /> | |
| <option switch="t" name="DebugMode" argument="none" noconfig="true" /> | |
| <option switch="s" name="PrintSchema" argument="optional" noconfig="true" exclusive="true" /> |
olafhartong
/ bro-ids_logstash.conf
Last active
August 29, 2015 14:19
— forked from mrlesmithjr/bro-ids_logstash.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Bro-IDS Logstash parser | |
| # Parts of this taken from http://www.appliednsm.com/wp-content/uploads/logstash-SObro22-parse.conf_.txt | |
| #Logs being parsed: | |
| #app_stats.log | |
| #conn.log | |
| #dns.log | |
| #dpd.log | |
| #files.log | |
| #http.log |
NewerOlder