palantir / windows-event-forwarding

A repository for using windows event forwarding for incident detection and response

Add WEF subscription for TPM-WMI #6

Closed cryps1s closed 6 years ago

cryps1s commented 7 years ago

Add WEF subscription for TPM-WMI (EventID 1794)

Re: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

cryps1s commented 6 years ago

Event Log: Windows Log/System
Event Source: TPM-WMI
Event ID: 1794

cryps1s commented 6 years ago

Handled via branch: https://github.com/palantir/windows-event-forwarding/pull/13