palantir / windows-event-forwarding

A repository for using Windows Event Forwarding for incident detection and response

Added Sysmon and Software Restriction Policies Event Logs #10

Closed: dstreefkerk closed this pull request 6 years ago

dstreefkerk commented 6 years ago

Added Channels and Subscriptions for Sysinternals Sysmon and Software Restriction Policies Event Logs.

palantirtech commented 6 years ago

Thanks for your interest in palantir/windows-event-forwarding, @dstreefkerk! Before we can accept your pull request, you need to sign our contributor license agreement - just visit https://cla.palantir.com/ and follow the instructions. Once you sign, I'll automatically update this pull request.

cryps1s commented 6 years ago

Thanks for reaching out @dstreefkerk. We'll take a look at this within the next few days.

Appreciate the contribution!

Best, Dane

clong commented 6 years ago

Hey @dstreefkerk,

I have to apologize for this - we didn't foresee this issue when first open sourcing the repository, but would you be okay with removing CustomEventChannels.dll from this PR? It's a bit of a liability for us to host a .dll compiled by a third party. I test-compiled your updated manifest, but unfortunately the hash from my resulting dll didn't match yours (probably due to something small like different compiler versions or something).

Once your commit has been merged, we'll go ahead and upload a compiled .dll generated from your updated manifest and update our contribution guidance to account for this case.

dstreefkerk commented 6 years ago

Fair enough, definitely understand that.

I’ll sort it out as soon as I get a chance.

On Thu, 16 Nov 2017 at 10:24, Chris Long notifications@github.com wrote:

dstreefkerk commented 6 years ago

Hi guys, sorry for the delay on this. DLL is now removed.

clong commented 6 years ago

No problem, thank you for contributing!