This repository was archived by the owner on Dec 30, 2023. It is now read-only.
3 changes: 2 additions & 1 deletion default/props.conf
@@ -31,7 +31,7 @@ EVAL-datetime = strptime(replace(SystemTime,"'",""), "%Y-%m-%dT%H:%M:%S.%fZ")
# [X] ALERT action - The action taken by the IDS (allowed, blocked)
# [X] MALWARE action - The action taken by the reporting device (allowed, blocked, deferred)
LOOKUP-0Action_ID = windefender_action_lookup Action_ID OUTPUTNEW Action_Name,action
LOOKUP-CategoryString_for_windows = windefender_signature_lookup signature_id OUTPUTNEW action, CategoryString AS category, result, signature, subsystem
LOOKUP-CategoryString_for_windows = windefender_signature_lookup signature_id OUTPUTNEW action, CategoryString AS category, result, signature AS signature_id_description, subsystem
# FIELDALIAS-category = CategoryString AS category
# [X] ALERT category - The vendor-provided category of the triggered signature, such as spyware.
# [X] MALWARE category - The category of the malware event, such as keylogger or ad-supported program
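Review bot: the renamed output field `signature_id_description` is not a CIM field name and nothing in the stanza explains why the lookup's `signature` text was moved off the CIM `signature` field; add a comment above the `LOOKUP-CategoryString_for_windows` line stating the intent (for example that `signature` is reserved for the threat name and the lookup's descriptive text is kept under `signature_id_description`), so the next reader does not "fix" it back. Also note that both `LOOKUP-0Action_ID` and this lookup emit `action` via OUTPUTNEW, so whichever lookup runs first populates `action` and the other is silently ignored for that field; worth a comment on which one is intended to win.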
@@ -98,6 +98,7 @@ LOOKUP-severity = windefender_severity_lookup Severity_ID OUTPUT Severity_Name,s
# ! Attention: Reset signature in datamodel creation query and leave as is for windows logging compliance
EVAL-threat_name = Threat_Name
EVAL-signature_version = Current_Signature_Version
EVAL-signature = Threat_Name

# [ ] ALERT transport - The OSI layer 4 (transport) protocol of the intrusion, in lower case.

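Review bot: the "Attention" comment directly above (`Reset signature in datamodel creation query and leave as is for windows logging compliance`) is now out of date, because the added `EVAL-signature = Threat_Name` populates `signature` at search time from the same source as `EVAL-threat_name`; update or remove that comment so it describes the new behaviour, and state explicitly that the data model query no longer needs to reset `signature`. Since `signature` and `threat_name` now carry identical values, a one-line comment saying this duplication is deliberate (CIM `signature` for the Malware/Alert data models alongside the vendor field name) would prevent someone deduplicating it later.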