| { | |
| "logs": { | |
| "logs_collected": { | |
| "windows_events": { | |
| "collect_list": [ | |
| { | |
| "event_format": "xml", | |
| "event_levels": [ | |
| "INFORMATION", | |
| "WARNING", | |
| "ERROR", | |
| "CRITICAL" | |
| ], | |
| "event_name": "System", | |
| "log_group_name": "System" | |
| }, | |
| { | |
| "event_format": "xml", | |
| "event_levels": [ | |
| "VERBOSE", | |
| "INFORMATION", | |
| "WARNING", | |
| "ERROR", | |
| "CRITICAL" | |
| ], | |
| "event_name": "Security", | |
| "log_group_name": "Security" | |
| }, | |
| { | |
| "event_format": "xml", | |
| "event_levels": [ | |
| "VERBOSE", | |
| "INFORMATION", | |
| "WARNING", | |
| "ERROR", | |
| "CRITICAL" | |
| ], | |
| "event_name": "Microsoft-Windows-Sysmon/Operational", | |
| "log_group_name": "Sysmon" | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment