[ossec-list] Re: Ossec and Monitoring Windows Defender Operational Logs

2020-08-20 Thread Juan Carlos Tello
Hello Jack, I realize this is a rather dated thread but I wanted to provide an answer for those that may land here through their search engine of preference. In order to collect events from Windows Defender you may use the following configuration: Microsoft-Windows-Windows

[ossec-list] Help me for get only single alert

2020-08-20 Thread super man
Hi all, My custom rule id is 530; when it stops triggering the alert, a new rule id 531 wants to trigger. I have already written both rules but my requirement is to get only a single alert in between again rule id 530 if the trigger