I am new here and don't know where to start or ask this question.But, is there a way to add a function to the pipeline to drop
for windows event logs that are sent via syslog to a separate SIEM that only collects logs via syslog?Below is an example of how the logs are post-processed in syslog.`
Process Information:
Process ID:
`
Question
is there a way to add a function to drop for windows event logs that are sent via syslog?
Yep
Use the Mask Function
You might also need `
` and `
` and use the global g and m for multiline flag
I DM'd you.
All fixed with Mask
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.