Splunk_Deploiement/deployment-apps/Splunk_TA_windows/default/workflow_actions.conf

##
## SPDX-FileCopyrightText: 2024 Splunk, Inc.
## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
## DO NOT EDIT THIS FILE!
## Please make all changes to files in $SPLUNK_HOME/etc/apps/Splunk_TA_windows/local.
## To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/Splunk_TA_windows/default
## into ../local and edit there.
##

###### EventID.net ######
[windows_eventidnet_winapp]
display_location = both
eventtypes = winapp
fields = SourceName, EventCode, signature_id
label = EventId Encyclopedia
link.method = get
link.target = blank
link.uri = https://www.eventid.net/display.asp?eventid=$signature_id$&source=$SourceName$
type = link

[windows_eventidnet_winsec]
display_location = both
eventtypes = winsec
fields = SourceName, EventCode, signature_id
label = EventId Encyclopedia
link.method = get
link.target = blank
link.uri = https://www.eventid.net/display.asp?eventid=$signature_id$&source=$SourceName$
type = link

[windows_eventidnet_winsystem]
display_location = both
eventtypes = winsystem
fields = SourceName, EventCode, signature_id
label = EventId Encyclopedia
link.method = get
link.target = blank
link.uri = https://www.eventid.net/display.asp?eventid=$signature_id$&source=$SourceName$
type = link

###### Ultimate Windows Security ######
[windows_ultimatewinsec]
display_location = both
eventtypes = winsec
fields = EventCode, signature_id
label = Winsec Encyclopedia
link.method = get
link.target = blank
link.uri = https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=$signature_id$
type = link