github.com/crowdsecurity/crowdsec@v1.6.1/config/acquis_win.yaml

```yaml
##RDP
source: wineventlog
event_channel: Security
event_ids:
  - 4625   # An account failed to log on
  - 4623
event_level: information
labels:
  type: eventlog
---
##Firewall
filenames:
  - C:\Windows\System32\LogFiles\Firewall\*.log
labels:
  type: windows-firewall
---
##SQL Server
source: wineventlog
event_channel: Application
event_ids:
  - 18456  # SQL Server login failed
event_level: information
labels:
  type: eventlog
---
##IIS
# Use the timestamp from each log line instead of the time it was read
use_time_machine: true
filenames:
  - C:\inetpub\logs\LogFiles\*\*.log
labels:
  type: iis
```