Update use-windows-event-forwarding-to-assist-in-instrusion-detection.md

This commit is contained in:
Mattias Borg
2017-10-27 11:47:36 +02:00
committed by GitHub
parent f6d122d826
commit 460d370227


@ -606,9 +606,9 @@ Here are the minimum steps for WEF to operate:
<Query Id="7" Path="Microsoft-Windows-DNS-Client/Operational">
<!-- DNS Client events Query Completed (3008) -->
<Select Path="Microsoft-Windows-DNS-Client/Operational">*[System[(EventID=3008)]]</Select>
<!suppresses local machine name resolution events-->
<!-- suppresses local machine name resolution events -->
<Suppress Path="Microsoft-Windows-DNS-Client/Operational">*[EventData[Data[@Name="QueryOptions"]="140737488355328"]]</Suppress>
<!suppresses empty name resolution events -->
<!-- suppresses empty name resolution events -->
<Suppress Path="Microsoft-Windows-DNS-Client/Operational">*[EventData[Data[@Name="QueryResults"]=""]]</Suppress>
</Query>
<Query Id="8" Path="Security">
@ -636,7 +636,7 @@ Here are the minimum steps for WEF to operate:
<Select Path="Microsoft-Windows-DriverFrameworks-UserMode/Operational">*[System[(EventID=2004)]]</Select>
</Query>
<Query Id="14" Path=" Windows PowerShell">
<!Legacy PowerShell pipeline execution details (800) -->
<!-- Legacy PowerShell pipeline execution details (800) -->
<Select Path=" Windows PowerShell">*[System[(EventID=800)]]</Select>
</Query>
</QueryList>
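Review bot: The channel name in `Path=" Windows PowerShell"` on both the Query element and its Select element carries a leading space, which this commit leaves in place while fixing the comment syntax next to it; if readers copy the sample verbatim, the subscription may not bind to the intended channel, since the channel is conventionally named `Windows PowerShell` with no leading space (worth confirming against a live collector before changing the doc). The suggested lines are `<Query Id="14" Path="Windows PowerShell">` and `<Select Path="Windows PowerShell">*[System[(EventID=800)]]</Select>`. The DNS-Client hunk above uses consistently spelled channel paths, so only this query appears affected. The enclosing `<QueryList>` opens before the hunk; only its closing tag is visible here.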