Add support for "Windows Filtering Platform (WFP)" #184
Comments
Hello @maxverro, thanks for reporting that. As you can see below, I'm extracting more fields:
I will make sure to include this change in a PR. I will close the issue for the moment; feel free to re-open it if you judge that any more fields should be extracted or any enhancement is needed. Regards,
This PR, related to issue #184, tends to cover WFP logs in the Windows decoder.
Hi @elwali10, thanks for the PR. I'll pull the change and test the decoder within the next few days, but it looks good to me. Just out of curiosity, do you know if Wazuh plans to respect the Elastic Common Schema (which is still in beta)? It would be really nice if we could correlate Wazuh alerts with other logs using those common field sets.
WFP events provide auditing of firewall and IPsec related events. They are stored in the Security log.
Full documentation is available at https://docs.microsoft.com/en-us/windows/desktop/fwp/auditing-and-logging.
At the moment they are being handled by the generic decoder. Most of the fields are not extracted.