```
# JSON support; provides to_json() used in the output below
<Extension _json>
    Module  xm_json
</Extension>

# Collect every event from the Sysmon operational channel
<Input windows_sysmon>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Syslog extension; loaded, but none of its functions are called in this config
<Extension _syslog>
    Module  xm_syslog
</Extension>

# Output for Backstory
# om_tcp forwards over plain TCP (no TLS); each event is serialized as JSON
<Output backstory>
    Module  om_tcp
    Host    10.50.22.210
    Port    10514
    Exec    to_json();
</Output>

<Route to_backstory>
    Path    windows_sysmon => backstory
</Route>
```