update default windows acquisition configuration (#2195)
parent
abbc130844
commit
8aca0ea860
|
@ -1,3 +1,4 @@
|
||||||
|
##RDP
|
||||||
source: wineventlog
|
source: wineventlog
|
||||||
event_channel: Security
|
event_channel: Security
|
||||||
event_ids:
|
event_ids:
|
||||||
|
@ -6,3 +7,25 @@ event_ids:
|
||||||
event_level: information
|
event_level: information
|
||||||
labels:
|
labels:
|
||||||
type: eventlog
|
type: eventlog
|
||||||
|
---
|
||||||
|
##Firewall
|
||||||
|
filenames:
|
||||||
|
- C:\Windows\System32\LogFiles\Firewall\pfirewall.log
|
||||||
|
labels:
|
||||||
|
type: windows-firewall
|
||||||
|
---
|
||||||
|
##SQL Server
|
||||||
|
source: wineventlog
|
||||||
|
event_channel: Application
|
||||||
|
event_ids:
|
||||||
|
- 18456
|
||||||
|
event_level: information
|
||||||
|
labels:
|
||||||
|
type: eventlog
|
||||||
|
---
|
||||||
|
##IIS
|
||||||
|
use_time_machine: true
|
||||||
|
filenames:
|
||||||
|
- C:\inetpub\logs\LogFiles\*\*.log
|
||||||
|
labels:
|
||||||
|
type: iis
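Review bot: The new `##Firewall` document tails `C:\Windows\System32\LogFiles\Firewall\pfirewall.log`, but Windows Firewall does not log dropped packets unless logging is enabled on the profile, so on a stock host this source will most likely stay empty without any error. A comment above `filenames:` would make the prerequisite visible, e.g. `# requires "Log dropped packets" to be enabled for the firewall profile; the file is not written otherwise`. The `##IIS` entry is likewise fixed to `C:\inetpub\logs\LogFiles\*\*.log`, which misses sites whose log directory was relocated; a one-line comment next to it saying the path must be adjusted in that case would help. Both are documentation points only, and the acquisition values themselves look consistent with the collections the installer change adds.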
|
|
@ -132,17 +132,17 @@
|
||||||
|
|
||||||
|
|
||||||
<SetProperty Id="HubUpdate" Value=""[INSTALLDIR]\cscli.exe" hub update" Sequence="execute" Before="HubUpdate" />
|
<SetProperty Id="HubUpdate" Value=""[INSTALLDIR]\cscli.exe" hub update" Sequence="execute" Before="HubUpdate" />
|
||||||
<CustomAction Id="HubUpdate" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
<CustomAction Id="HubUpdate" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="ignore" Impersonate="no" />
|
||||||
<SetProperty Id="InstallWinCollection" Value=""[INSTALLDIR]\cscli.exe" collections install crowdsecurity/windows" Sequence="execute" Before="InstallWinCollection" />
|
<SetProperty Id="InstallWinCollection" Value=""[INSTALLDIR]\cscli.exe" collections install crowdsecurity/windows crowdsecurity/windows-firewall crowdsecurity/iis crowdsecurity/mssql" Sequence="execute" Before="InstallWinCollection" />
|
||||||
<CustomAction Id="InstallWinCollection" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
<CustomAction Id="InstallWinCollection" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="ignore" Impersonate="no" />
|
||||||
<SetProperty Id="FixPermissionsCreds" Value=""icacls.exe" C:\ProgramData\CrowdSec\config\*_api_credentials.yaml /inheritance:r /grant:r *S-1-5-32-544:(F)" Sequence="execute" Before="FixPermissionsCreds" />
|
<SetProperty Id="FixPermissionsCreds" Value=""icacls.exe" C:\ProgramData\CrowdSec\config\*_api_credentials.yaml /inheritance:r /grant:r *S-1-5-32-544:(F)" Sequence="execute" Before="FixPermissionsCreds" />
|
||||||
<CustomAction Id="FixPermissionsCreds" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
<CustomAction Id="FixPermissionsCreds" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
||||||
<SetProperty Id="FixPermissionsNotif" Value=""icacls.exe" C:\ProgramData\CrowdSec\config\notifications\*.yaml /inheritance:r /grant:r *S-1-5-32-544:(F)" Sequence="execute" Before="FixPermissionsNotif" />
|
<SetProperty Id="FixPermissionsNotif" Value=""icacls.exe" C:\ProgramData\CrowdSec\config\notifications\*.yaml /inheritance:r /grant:r *S-1-5-32-544:(F)" Sequence="execute" Before="FixPermissionsNotif" />
|
||||||
<CustomAction Id="FixPermissionsNotif" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
<CustomAction Id="FixPermissionsNotif" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
||||||
<SetProperty Id="RegisterMachine" Value=""[INSTALLDIR]\cscli.exe" machines add -a" Sequence="execute" Before="RegisterMachine" />
|
<SetProperty Id="RegisterMachine" Value=""[INSTALLDIR]\cscli.exe" machines add -a" Sequence="execute" Before="RegisterMachine" />
|
||||||
<CustomAction Id="RegisterMachine" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
<CustomAction Id="RegisterMachine" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="ignore" Impersonate="no" />
|
||||||
<SetProperty Id="RegisterCAPI" Value=""[INSTALLDIR]\cscli.exe" capi register" Sequence="execute" Before="RegisterMachine" />
|
<SetProperty Id="RegisterCAPI" Value=""[INSTALLDIR]\cscli.exe" capi register" Sequence="execute" Before="RegisterMachine" />
|
||||||
<CustomAction Id="RegisterCAPI" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="check" Impersonate="no" />
|
<CustomAction Id="RegisterCAPI" BinaryKey="WixCA" DllEntry="WixQuietExec" Execute="deferred" Return="ignore" Impersonate="no" />
|
||||||
<InstallExecuteSequence>
|
<InstallExecuteSequence>
|
||||||
<WriteEnvironmentStrings />
|
<WriteEnvironmentStrings />
|
||||||
<Custom Action="HubUpdate" After="InstallFiles">NOT Installed AND NOT REMOVE</Custom>
|
<Custom Action="HubUpdate" After="InstallFiles">NOT Installed AND NOT REMOVE</Custom>
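Review bot: With `Return="ignore"` on HubUpdate, InstallWinCollection, RegisterMachine and RegisterCAPI, the MSI now completes successfully even when the hub could not be reached, none of the four collections were installed, or the machine was never registered. The agent can then run with no parsers or scenarios for the newly configured firewall, IIS and SQL Server sources, and nothing tells the operator. If the intent is to let offline installs succeed, consider leaving `Return="check"` on RegisterMachine, which from the visible command (`machines add -a`) looks like a local operation. A comment above the ignored actions would also help, such as `<!-- Return="ignore": hub/CAPI may be unreachable at install time; verify afterwards with cscli collections list and cscli machines list -->`. The InstallExecuteSequence continues past the end of the hunk, so whether a later step surfaces these failures cannot be seen here.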
|
||||||
|
|