From 6439741c6d6d019b1a0b1245c959b0467d643571 Mon Sep 17 00:00:00 2001 From: Alex Dworjan Date: Thu, 19 Oct 2023 13:23:29 -0400 Subject: [PATCH] added firewall events --- .ansible-sign/sha256sum.txt | 2 +- .ansible-sign/sha256sum.txt.sig | 22 ++++++++++---------- roles/winlogbeat/templates/winlogbeat.yml.j2 | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.ansible-sign/sha256sum.txt b/.ansible-sign/sha256sum.txt index 5b45514..721e23b 100644 --- a/.ansible-sign/sha256sum.txt +++ b/.ansible-sign/sha256sum.txt @@ -53,7 +53,7 @@ fba914c608f1a6ccdad971355139b98f0670fc8e7d51d13dca7a6e65bdc82429 roles/snort_bu eec62140ff6f456fb2fd45adaa8f69866c23ca8ec124ab1abfea08bcca7dccc6 roles/winlogbeat/defaults/main.yml a06c3bed9503b47cfa11d61ff3609dde83b4599b522160f5e14f13088df5ebaf roles/winlogbeat/handlers/main.yml 9780c8e92510aba03fff312c5cc461d8f1b866b269311e16628da76a95bfbafb roles/winlogbeat/tasks/main.yml -862d892300d6fa0c92d6272448c9ebfbb11087845d2d05b9f43d27041a4d05ba roles/winlogbeat/templates/winlogbeat.yml.j2 +9a49b6c03b7fae17462ab2deaf4fd045341c9993dc76846c0bb21026970b556e roles/winlogbeat/templates/winlogbeat.yml.j2 f15fd50d2ee1d7cd5043153a707948b5897de8b1a544b226b33d493f4fe98f95 snortbuildconfig.yml 117d2f3e9d48d0d59d5dcfca9c9829295c1039c7204784c68978778db75e288a templates/cpu-rules.yml.j2 ff3bc0d052a72eb88bf093b9a2b9f31946032ab78dc7c4c742017f161f38763f templates/disk-rules.yml.j2 diff --git a/.ansible-sign/sha256sum.txt.sig b/.ansible-sign/sha256sum.txt.sig index f1e7637..e3c867e 100644 --- a/.ansible-sign/sha256sum.txt.sig +++ b/.ansible-sign/sha256sum.txt.sig 
@@ -1,14 +1,14 @@ -----BEGIN PGP SIGNATURE----- -iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmUwDiQACgkQTiIiIXrU -DNEElgv6A1wzpOa+etHhEg/5GpLeYHTABA212RmsCiToCqlyAGcDNRJ8ZLeyc1QO -vfe+lPzxYR87U/VQbtMdWfDb2qZ/CZnPNRNbo1Id1QVsNqzgejRAIr8ojMqMz1+i -VcmZlCw4K1Y05eQCxgS5DyjckfZDUz5x0Th4HVzzC8/DhmwM875V6jOzgqKESy5p -5nFJVv97Vdw23uTfkTbX1yg9QyOlHLizeGS9v8qLiIblMvfm0sM0rL+JNBp3hMvQ -H5Hz6ZGBua752vC8L4Uw2gIwJnaqPJ7DEVnMEmGa08sB4dS3CFGqjEVEEusuKcpu -NR4pJ6YE27kMT6c5SIpn0KgI1X/bUK7d7rsPZgfOEFGCel3RTar5SRxMrwJdQ2cW -KQNwpboizS5jvqqW0bdUk5aWP7JUwSgmlCpeGxTJaWyOgvFQut3ZZddWO5vWAV// -GR0q9MSVp0HtwxJOXFIHMnirun/n4yFx58rGAl5MtEg1gR9v56gaIKT9u7ek6pdt -uhEETRZm -=ztj9 +iQGzBAABCAAdFiEE/bJvyFHKKJdaZDOLTiIiIXrUDNEFAmUxZgcACgkQTiIiIXrU +DNGmHwv/f9D/HHoMiK9q6TMd/NzEgLkMBAXud1aRAUBCkKjwPY5MQx9fUlE+kUur +nkEE139PUqFu8IntaFLCrjP40H2SymzoMwN5kYmUpE6QhJly5sQE9+X5Xh7D/c4q +sxHuyxBfY9TrSFZbTQuXjgfD7RWhfqf/zHRwNTsHa8T+WL1vg0fkW51VAeZMOsuS +gJGNAH3i+H8Ba1XItKIQWZxoqTuyU9GiPAig81xFDHOAbaVc9dy2kc6W+qYl3aY9 +/ynDNaKSs3PySbrA+rNiIGXh44zQI8E3NmEVJUvR8SoKsqdwEYOFstuxy+22Eods +BOzkfia01XvHzQgHhW4LT792ij7fDfYN7Ovr9tvrbuPGMZKmcdObz1/T/cgnYdbS +Yj8wek7flD2xmAj8bRg1YSC7t6REFSRLs47Imc37mq/BqhrK5hf3+btVN8mcGHbD +HlLln8eQlFBg3DUn1HoDWWuHE01i3WFc3WWICHRfx1yKeR24WmK6YZKm5aFYIhHP +0MCx1e0P +=6t9A -----END PGP SIGNATURE----- diff --git a/roles/winlogbeat/templates/winlogbeat.yml.j2 b/roles/winlogbeat/templates/winlogbeat.yml.j2 index e97301d..42ed888 100644 --- a/roles/winlogbeat/templates/winlogbeat.yml.j2 +++ b/roles/winlogbeat/templates/winlogbeat.yml.j2 @@ -21,7 +21,7 @@ winlogbeat.event_logs: event_id: 200, 400, 403, 500, 501, 600, 800 - name: Microsoft-Windows-PowerShell/Operational - event_id: 4100, 4103, 4104, 4105, 4106 + event_id: 4100, 4103, 4104, 4105, 4106, 4950, 5025 - name: ForwardedEvents tags: [forwarded]
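Review bot: Event IDs 4950 and 5025 added to the `Microsoft-Windows-PowerShell/Operational` entry will not collect firewall events, because as far as I know those IDs (Windows Firewall setting changed, Windows Firewall service stopped) are written to the Security log, and an `event_id` filter only applies to the channel named in the same entry. Keep that line as `event_id: 4100, 4103, 4104, 4105, 4106` and put the new IDs on the Security entry instead; the `winlogbeat.event_logs` list starts outside this hunk, so if it has no such entry, add `- name: Security` with `event_id: 4950, 5025`. Both events are also only generated when the matching audit-policy subcategories are enabled on the hosts, which is worth a comment in the template so that a silent gap in firewall-tamper detection is not mistaken for a quiet host.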