Add event logs for Microsoft-Windows-Windows Firewall With Advanced Security provider #39

Cyb3rPandaH · 2022-06-28T12:20:50Z

Some relationships in OSSEM-DM use events such as 2004 (Firewall rule added), 2006 (Firewall rule deleted)

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security

…Security events - log_source: Microsoft-Windows-Windows Firewall With Advanced Security - issue created in OSSEM-DD: Creation of dictionaries required - OTRF/OSSEM-DD#39

Cyb3rPandaH added documentation Improvements or additions to documentation help wanted Extra attention is needed labels Jun 28, 2022

Cyb3rPandaH self-assigned this Jun 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add event logs for Microsoft-Windows-Windows Firewall With Advanced Security provider #39

Add event logs for Microsoft-Windows-Windows Firewall With Advanced Security provider #39

Cyb3rPandaH commented Jun 28, 2022

Add event logs for Microsoft-Windows-Windows Firewall With Advanced Security provider #39

Add event logs for Microsoft-Windows-Windows Firewall With Advanced Security provider #39

Comments

Cyb3rPandaH commented Jun 28, 2022