Özgün Kültekin oz9un

## opendkim.conf
Syslog			yes
LogWhy			yes

UMask			007


Canonicalization	relaxed/simple
Mode			sv
SubDomains		no

## openssl.conf
oid_section = OIDs

[ OIDs ]

certificateTemplateName = 1.3.6.1.4.1.311.20.2
caVersion = 1.3.6.1.4.1.311.21.1

[ ca ]

default_ca = CA_default

## descriptionfields_networkconnection.xml
<Sysmon schemaversion="4.70">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
	    <ProcessCreate onmatch="include" />
    </RuleGroup>

    <RuleGroup name="" groupRelation="or">
    	<ProcessTerminate onmatch="include" />
    </RuleGroup>


## network_specifications.xml
<Sysmon schemaversion="4.70">
  <EventFiltering>
    <!-- Event ID 3 == NetworkConnect Detected. Do not log anything!-->
    <RuleGroup name="" groupRelation="and">
        <NetworkConnect onmatch="exclude">
                <Protocol condition="is">tcp</Protocol>
                <Protocol condition="is">udp</Protocol>
                <DestinationPort condition="is">80</DestinationPort>
                <DestinationPort condition="is">443</DestinationPort>
        </NetworkConnect>

## all_disabled.xml
<Sysmon schemaversion="4.70">
  <EventFiltering>
    <!-- BELOW PART DISABLES ALL OTHER LOGS FOR FIXING THE MESS!-->
    <!-- Event ID 1 == ProcessCreate. Log only ping process. -->
    <RuleGroup name="" groupRelation="or">
        <ProcessCreate onmatch="include"/>
    </RuleGroup>
    <!-- Event ID 3 == NetworkConnect Detected. Do not log anything!-->
    <RuleGroup name="" groupRelation="or">
        <NetworkConnect onmatch="include"/>

## only_ping.xml
<Sysmon schemaversion="4.70">
  <EventFiltering>
    <!-- Event ID 1 == ProcessCreate. Log only ping process. -->
    <RuleGroup name="pingDetected" groupRelation="or">
            <ProcessCreate onmatch="include">
                    <Image condition="is">/usr/bin/ping</Image>
                    <CommandLine condition="contains">ping</CommandLine>
            </ProcessCreate>
    </RuleGroup>
	Syslog yes
	LogWhy yes

	UMask 007


	Canonicalization relaxed/simple
	Mode sv
	SubDomains no
	oid_section = OIDs

	[ OIDs ]

	certificateTemplateName = 1.3.6.1.4.1.311.20.2
	caVersion = 1.3.6.1.4.1.311.21.1

	[ ca ]

	default_ca = CA_default
	<Sysmon schemaversion="4.70">
	<EventFiltering>
	<RuleGroup name="" groupRelation="or">
	<ProcessCreate onmatch="include" />
	</RuleGroup>

	<RuleGroup name="" groupRelation="or">
	<ProcessTerminate onmatch="include" />
	</RuleGroup>
	<Sysmon schemaversion="4.70">
	<EventFiltering>
	<!-- Event ID 3 == NetworkConnect Detected. Do not log anything!-->
	<RuleGroup name="" groupRelation="and">
	<NetworkConnect onmatch="exclude">
	<Protocol condition="is">tcp</Protocol>
	<Protocol condition="is">udp</Protocol>
	<DestinationPort condition="is">80</DestinationPort>
	<DestinationPort condition="is">443</DestinationPort>
	</NetworkConnect>
	<Sysmon schemaversion="4.70">
	<EventFiltering>
	<!-- BELOW PART DISABLES ALL OTHER LOGS FOR FIXING THE MESS!-->
	<!-- Event ID 1 == ProcessCreate. Log only ping process. -->
	<RuleGroup name="" groupRelation="or">
	<ProcessCreate onmatch="include"/>
	</RuleGroup>
	<!-- Event ID 3 == NetworkConnect Detected. Do not log anything!-->
	<RuleGroup name="" groupRelation="or">
	<NetworkConnect onmatch="include"/>