add eval guide bits - cfa near ready

2025-06-21 13:23:36 +00:00 · 2017-08-10 17:50:23 -07:00
parent 5708cd3490
commit a2dcf99d30
11 changed files with 663 additions and 21 deletions
--- a/windows/threat-protection/windows-defender-exploit-guard/scripts/cfa-events.xml
+++ b/windows/threat-protection/windows-defender-exploit-guard/scripts/cfa-events.xml
@ -0,0 +1 @@
+<ViewerConfig><QueryConfig><QueryParams><Simple><Channel>Microsoft-Windows-Windows Defender/Operational,Microsoft-Windows-Windows Defender/WHC</Channel><EventId>1123,1124,5007</EventId><RelativeTimeInfo>0</RelativeTimeInfo><BySource>False</BySource></Simple></QueryParams><QueryNode><Name>Controlled folder access view</Name><QueryList><Query Id="0" Path="Microsoft-Windows-Windows Defender/Operational"><Select Path="Microsoft-Windows-Windows Defender/Operational">*[System[(EventID=1123 or EventID=1124 or EventID=5007)]]</Select><Select Path="Microsoft-Windows-Windows Defender/WHC">*[System[(EventID=1123 or EventID=1124 or EventID=5007)]]</Select></Query></QueryList></QueryNode></QueryConfig></ViewerConfig>
				`@ -0,0 +1 @@`
				<ViewerConfig><QueryConfig><QueryParams><Simple><Channel>Microsoft-Windows-Windows Defender/Operational,Microsoft-Windows-Windows Defender/WHC</Channel><EventId>1123,1124,5007</EventId><RelativeTimeInfo>0</RelativeTimeInfo><BySource>False</BySource></Simple></QueryParams><QueryNode><Name>Controlled folder access view</Name><QueryList><Query Id="0" Path="Microsoft-Windows-Windows Defender/Operational"><Select Path="Microsoft-Windows-Windows Defender/Operational">[System[(EventID=1123 or EventID=1124 or EventID=5007)]]</Select><Select Path="Microsoft-Windows-Windows Defender/WHC">[System[(EventID=1123 or EventID=1124 or EventID=5007)]]</Select></Query></QueryList></QueryNode></QueryConfig></ViewerConfig>