TA_ETW

Issue with gathered Event IDs

Open paulinacisek92 opened this issue 3 years ago • 6 comments

Hello,

We have installed the app and configured config.yaml to gather a couple of events. For some time we have been seeing that the logs with EventID 1 are being collected, which we did not configure.

Could you please help me understand on what basis this event is collected?

Regards,

paulinacisek92, Jul 13 '22 11:07

@paulinacisek92 can you share your config.yaml?

vector-sec, Jul 13 '22 16:07

Hello Eric,

Did you have time to review this issue?

Kind regards, Paulina

On Sat, 16 Jul 2022 at 13:49, Paulina Cisek @.***> wrote:

Hi Eric,

Thanks for the response, please see the attached file.

Kind regards, Paulina

On Wed, 13 Jul 2022 at 18:04, Eric @.***> wrote:

@paulinacisek92 https://github.com/paulinacisek92 can you share your config.yaml?

-- Paulina Cisek


paulinacisek92, Jul 21 '22 07:07

@paulinacisek92 are you able to share your config file?

vector-sec, Jul 26 '22 00:07

Hello,

I have shared it in my previous email.

Kind regards, Paulina

On Wed, 13 Jul 2022, 18:04, Eric @.***> wrote:

@paulinacisek92 https://github.com/paulinacisek92 can you share your config.yaml?

paulinacisek92, Jul 26 '22 12:07

@paulinacisek92 I do not see it in the issue on GitHub, is it possible to attach it there?

vector-sec, Jul 28 '22 20:07

Hi Eric,

Thanks for the response, please see the attached file.

Kind regards, Paulina

On Wed, 13 Jul 2022 at 18:04, Eric @.***> wrote:

@paulinacisek92 https://github.com/paulinacisek92 can you share your config.yaml?

-- Paulina Cisek

paulinacisek92, Oct 11 '22 07:10