
Untitled

a guest Aug 22nd, 2019 67 Never
# JSON extension: provides to_json(), used in the output below
<Extension _json>
    Module xm_json
</Extension>

# Collect every event from the Sysmon operational channel of the Windows Event Log
<Input windows_sysmon>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Syslog extension: loaded, but none of its procedures are called in this config
<Extension _syslog>
    Module  xm_syslog
</Extension>

# Output for Backstory
# Each event is serialized to JSON and sent over plain TCP (om_tcp, no TLS)
<Output backstory>
    Module  om_tcp
    Host    10.50.22.210
    Port    10514
    Exec    to_json();
</Output>

# Forward Sysmon events to the Backstory output
<Route to_backstory>
    Path windows_sysmon => backstory
</Route>