From c573226421ca9cdc6162ccccd5d14d1986b3e9a5 Mon Sep 17 00:00:00 2001
From: edoardovicendone <74540044+edoardovicendone@users.noreply.github.com>
Date: Mon, 4 Dec 2023 15:41:14 +0100
Subject: [PATCH] Update eventtypes.conf

tags are deprecated in eventtypes.conf
see: https://docs.splunk.com/Documentation/Splunk/latest/Admin/Eventtypesconf
tags = * DEPRECATED - see tags.conf.spec
---
 default/eventtypes.conf | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/default/eventtypes.conf b/default/eventtypes.conf
index bd1004c..0584239 100644
--- a/default/eventtypes.conf
+++ b/default/eventtypes.conf
@@ -1,11 +1,8 @@
 [ms-windefender-operation]
 search = source="*WinEventLog:*Defender*" NOT category IN ("detection")
-tags = malware operations
 
 [ms-windefender-attack]
 search = source="*WinEventLog:*Defender*" category IN ("detection")
-tags = malware attack
 
 [ms-windefender-alert]
 search = source="*WinEventLog:*Defender*" category IN ("detection") AND action IN ("deferred", "allowed")
-tags = alert
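Review bot: The three removed `tags = ...` lines are dropped outright instead of being migrated, so the `malware`, `attack`, `operations` and `alert` tags on these Defender eventtypes disappear from the app: the deprecation note the commit quotes says "see tags.conf.spec", i.e. the attribute moved to `default/tags.conf`, and the diffstat shows only `default/eventtypes.conf` changed, so unless a `tags.conf` already exists elsewhere in the app nothing carries the tags forward. Any CIM data model or correlation search that selects these events by tag (e.g. `tag=malware tag=attack`) will silently stop matching Defender detections after this is deployed, which is a detection-coverage regression rather than a cleanup. I would add the equivalent stanzas to `default/tags.conf` in the same commit, keyed on the eventtype names in this hunk, and mention the migration in the commit message.
```ini
[eventtype=ms-windefender-operation]
malware = enabled
operations = enabled

[eventtype=ms-windefender-attack]
malware = enabled
attack = enabled

[eventtype=ms-windefender-alert]
alert = enabled
```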