From 8aca0ea860f32708723e53f2f80365a7e177ffda Mon Sep 17 00:00:00 2001
From: blotus
Date: Fri, 12 May 2023 13:47:01 +0200
Subject: [PATCH] update default windows acquisition configuration (#2195)
---
 config/acquis_win.yaml | 25 ++++++++++++++++++++++++-
 windows/installer/product.wxs | 10 +++++-----
 2 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/config/acquis_win.yaml b/config/acquis_win.yaml
index a22dc260e..86d233cca 100644
--- a/config/acquis_win.yaml
+++ b/config/acquis_win.yaml
@@ -1,3 +1,4 @@
+##RDP
 source: wineventlog
 event_channel: Security
 event_ids:
@@ -5,4 +6,26 @@ event_ids:
 - 4623
 event_level: information
 labels:
- type: eventlog
\ No newline at end of file
+ type: eventlog
+---
+##Firewall
+filenames:
+ - C:\Windows\System32\LogFiles\Firewall\pfirewall.log
+labels:
+ type: windows-firewall
+---
+##SQL Server
+source: wineventlog
+event_channel: Application
+event_ids:
+ - 18456
+event_level: information
+labels:
+ type: eventlog
+---
+##IIS
+use_time_machine: true
+filenames:
+ - C:\inetpub\logs\LogFiles\*\*.log
+labels:
+ type: iis
\ No newline at end of file
diff --git a/windows/installer/product.wxs b/windows/installer/product.wxs
index 408178cda..b43cd6de3 100644
--- a/windows/installer/product.wxs
+++ b/windows/installer/product.wxs
@@ -132,17 +132,17 @@ - - - + + + - + - + NOT Installed AND NOT REMOVE
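Review bot: The new Firewall document in the second `acquis_win.yaml` hunk reads `pfirewall.log`, which Windows Defender Firewall does not write unless dropped-packet logging is turned on for the active profile, so on a stock host this source stays silent with nothing to show that coverage is missing. I would say so in the header comment, e.g. `## Firewall: requires "Log dropped packets" to be enabled on the firewall profile; the file is not written by default`. In the IIS document, `C:\inetpub\logs\LogFiles\*\*.log` also matches the FTP service's `FTPSVC*` folders, which sit under the same directory by default; `C:\inetpub\logs\LogFiles\W3SVC*\*.log` would keep non-HTTP logs from being labelled `type: iis`. A one-line comment on `use_time_machine: true` saying why event times are taken from the log lines (presumably because IIS flushes its log in batches) would help whoever edits this default later.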