Hi! Did you solve your problem? I'm looking for extended Windows alert rules. Can you share with us your decoders and rules for Windows? We'll be very grateful to you.
On Tuesday, April 17, 2012 9:26:44 PM UTC+4, David Mashburn wrote:
>
> My apologies in advance, as this is a lengthy message.
>
> I have been working on custom decoders for Windows events to try to
> extract some of the information that is deeper in the body of an event. I
> have successfully been able to create a decoder to pull information into
> the decoded fields. However, these decoders seem to have problems working
> when there is more than one of these 'deep' (for lack of a better word)
> custom decoders in local_decoder.xml. All of the log examples below have
> been sanitized.
