You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
1.6 KiB
51 lines
1.6 KiB
##
|
|
## SPDX-FileCopyrightText: 2021 Splunk, Inc. <sales@splunk.com>
|
|
## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
|
|
## DO NOT EDIT THIS FILE!
|
|
## Please make all changes to files in $SPLUNK_HOME/etc/apps/Splunk_TA_windows/local.
|
|
## To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/Splunk_TA_windows/default
|
|
## into ../local and edit there.
|
|
##
|
|
|
|
###### EventID.net ######
|
|
[windows_eventidnet_winapp]
|
|
display_location = both
|
|
eventtypes = winapp
|
|
fields = SourceName, EventCode, signature_id
|
|
label = EventId Encyclopedia
|
|
link.method = get
|
|
link.target = blank
|
|
link.uri = https://www.eventid.net/display.asp?eventid=$signature_id$&source=$SourceName$
|
|
type = link
|
|
|
|
[windows_eventidnet_winsec]
|
|
display_location = both
|
|
eventtypes = winsec
|
|
fields = SourceName, EventCode, signature_id
|
|
label = EventId Encyclopedia
|
|
link.method = get
|
|
link.target = blank
|
|
link.uri = https://www.eventid.net/display.asp?eventid=$signature_id$&source=$SourceName$
|
|
type = link
|
|
|
|
[windows_eventidnet_winsystem]
|
|
display_location = both
|
|
eventtypes = winsystem
|
|
fields = SourceName, EventCode, signature_id
|
|
label = EventId Encyclopedia
|
|
link.method = get
|
|
link.target = blank
|
|
link.uri = https://www.eventid.net/display.asp?eventid=$signature_id$&source=$SourceName$
|
|
type = link
|
|
|
|
###### Ultimate Windows Security ######
|
|
[windows_ultimatewinsec]
|
|
display_location = both
|
|
eventtypes = winsec
|
|
fields = EventCode, signature_id
|
|
label = Winsec Encyclopedia
|
|
link.method = get
|
|
link.target = blank
|
|
link.uri = https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=$signature_id$
|
|
type = link
|