Getting Data In

Disable Windows application Events and allow only specific event ID

abhic25
Explorer

Hi All,

Can anyone advise me on below

I have Windows Application logs disabled already but I need one event ID that should be allowed. 

Labels (2)
Tags (1)
0 Karma

shugup2923
Path Finder

you can give whitelist attribute in monitoring stanza for application events -

For ref - https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Data/MonitorWindowseventlogdata 

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...