Configuration/Definitions/LogClearSecurity.json
|
{ "SearchDefinition": { "LogClearSecurity": { "Events": { "Fields": { "Computer": "Computer", "Action": "Action", "Date": "Date", "Who":"Who", "SubjectUserSid":"UserId", "SubjectUserName": "SubjectUserName", "SubjectDomainName": "SubjectDomainName", "MachineName":"ObjectAffected", "NoNameB1":"EventSource", "NoNameB3":"EventLevel", "NoNameB4": "EventAction", "ID": "Event ID", "RecordID": "Record ID", "GatheredFrom": "Gathered From", "GatheredLogName": "Gathered LogName" }, "Events": 1102, "IgnoreWords": {}, "LogName": "Security", "SortBy": "When", "Enabled": true }, "Enabled": true } }, "LogName": "WEC5-Log-Deletion-Security" } |