Can I add my owen IDs to Eventid.Net

wyomoose · ‎05-15-2020

I am looking for a App that I can take and taylor to a list of eventids that we want to Audit. We like the Eventid.net app but the list of IDs is pretty limited. I would like to take that and maybe just add more IDs to the lookup table or somehow taylor it for us. Any suggestions would be appreciated.

wyomoose · ‎05-18-2020

Thanks for the reply and stay safe over there. Yep we have the events we want to monitor. I was referring to the Eventid.net apps lookup table called" eventid_interesting_events" I was hoping I could add what we wanted to it and maybe tweak a couple other files and make it work. Sounds like it might just be easier to make our own.

gcusello · ‎05-17-2020

Hi @wyomoose,
are you speaking of Microsoft EventCodes?
if yes, see at https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/ or in another similar site found on Google.

Otherwise find your list in internet and create your own EventId lookup; I have many lookups ready for my custom applications.
This is the best approacch so you can create the lookups as you like.

Ciao.
Giuseppe

gcusello · ‎05-18-2020

Hi @wyomoose,
if you have a lookup, you can modify it using Lookup Editor, respecting the information and rules used in this lookup:

event_id,
source,
description

Ciao.
Giuseppe

Can I add my owen IDs to Eventid.Net

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life