|
|
| Subject: | Is it possible to create new Event Sub-Class in Transform |
| Author: | [Not Specified] |
| Posted: | 2014-01-21 20:50 |
I created a new Event class \WinEvent and a defautmapping with rule "len('ntvid' > 1)" to collect the event from Windows.
How to use Transform to create new Event Sub-Class like \WinEvent\sourcexxx_IDxxx according to individual EventClassKey for different event
| Subject: | You can't use transform to |
| Author: | [Not Specified] |
| Posted: | 2014-02-03 13:16 |
You can't use transform to create new Event Sub-Classes.....transforms are used to map events to an existing event class.
I would recommend creating new event classes like: \Win\Events\Sec , \Win\Events\Warnings , and etc. and using transform to map those events where you want them based on the component.
Hydruid
| < |
Previous Mapping all Events with a Component that Contains a Word? |
Next wmic Security Policy Limitations? |
> |