Obs/bin/GMA/Monitoring/Agent/initconfig/2.0/Standard/AzSecMdsVulnScanOffline-Content.xml
<?xml version="1.0" encoding="utf-8"?>
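<MonitoringManagement version="1.0" timestamp="2023-06-08T00:58:42.4731192Z">
  <!-- Autogenerated version comment - DO NOT REMOVE: AzSecPackShipVersion=4.27.0.4 -->
  <!--
    Declares one file monitor and three derived events for the OffNodeVulnScan
    provider. All four items upload to account AzSecurityStore with storeType
    CentralBond.
    NOTE(review): the version comment above marks this file as generated, so
    lasting changes presumably belong in the generator, not here (confirm).
  -->
  <Events>
    <!--
      File monitor: uploads the contents of %LOCALAPPDATA%\ShavaVulnScanSnap to
      container shava-snapshots, uncompressed, with a 100 MB directory quota, a
      10 second upload delay and 5 days of retention.
      NOTE(review): LOCALAPPDATA is read from the agent's own environment, so the
      watched path depends on the account the agent runs as; confirm the scanner
      writes into that same profile.
      NOTE(review): files placed in this directory are presumably uploaded as-is,
      so write access should be limited to the scanner (verify the directory ACL).
      NOTE(review): snapshots are kept 5 days while the derived events below are
      kept 30; confirm that gap is intended for investigations that need the raw
      snapshot.
    -->
    <FileMonitors storeType="CentralBond">
      <FileWatchItem eventName="AsmVsaFMSnap"
                     container="shava-snapshots"
                     account="AzSecurityStore"
                     compressionType="none"
                     directoryQuotaInMB="100"
                     uploadDelayInSeconds="10"
                     retentionInDays="5"
                     removeEmptyDirectories="true">
        <Directory><![CDATA[Concat("", GetEnvironmentVariable("LOCALAPPDATA"), "\ShavaVulnScanSnap")]]></Directory>
      </FileWatchItem>
    </FileMonitors>
    <!--
      Derived events: each one runs locally (whereToRun is Local), keeps rows whose
      EventProvider is OffNodeVulnScan and projects the same 16 columns, with 30
      days of retention and a PT1H retry timeout.
      ReportingIdentity and AssetIdentity are taken from the MA_HEARTBEAT_IDENTITY
      and MA_AZURE_IDENTITY environment variables; NodeIdentity and NodeType are
      always empty strings, so downstream correlation has to rely on the first two.
      NOTE(review): confirm both variables are set on every host; otherwise rows
      presumably cannot be attributed to an asset.
      NOTE(review): the Truncated, TotalChunks, ChunkId and ChunkReference columns
      suggest a payload can be split across rows; consumers presumably need to
      reassemble it before parsing (confirm).
    -->
    <DerivedEvents>
      <!-- Rows from source AsmScannerData, duration PT5M. -->
      <DerivedEvent source="AsmScannerData"
                    eventName="AsmVsaData"
                    account="AzSecurityStore"
                    duration="PT5M"
                    priority="Normal"
                    retryTimeout="PT1H"
                    storeType="CentralBond"
                    whereToRun="Local"
                    retentionInDays="30">
        <Query><![CDATA[ let ReportingIdentity=GetStaticEnvironmentVariable("MA_HEARTBEAT_IDENTITY") let AssetIdentity=GetStaticEnvironmentVariable("MA_AZURE_IDENTITY") let NodeIdentity="" let NodeType="" where EventProvider = "OffNodeVulnScan" select ReportingIdentity, AssetIdentity, NodeIdentity, NodeType, EventProvider, EventType, EventPayload, Truncated, TotalChunks, ChunkId, ChunkReference, UserField1, UserField2, UserField3, UserField4, UserField5 ]]></Query>
      </DerivedEvent>
      <!--
        Rows from source AsmDiagnostics, duration PT15M. Only EventType Error and
        Warning pass the filter, so other diagnostic event types are not forwarded
        by this event.
      -->
      <DerivedEvent source="AsmDiagnostics"
                    eventName="AsmVsaDiag"
                    account="AzSecurityStore"
                    duration="PT15M"
                    priority="Normal"
                    retryTimeout="PT1H"
                    storeType="CentralBond"
                    whereToRun="Local"
                    retentionInDays="30">
        <Query><![CDATA[ let ReportingIdentity=GetStaticEnvironmentVariable("MA_HEARTBEAT_IDENTITY") let AssetIdentity=GetStaticEnvironmentVariable("MA_AZURE_IDENTITY") let NodeIdentity="" let NodeType="" where EventProvider = "OffNodeVulnScan" && (EventType = "Error" || EventType = "Warning") select ReportingIdentity, AssetIdentity, NodeIdentity, NodeType, EventProvider, EventType, EventPayload, Truncated, TotalChunks, ChunkId, ChunkReference, UserField1, UserField2, UserField3, UserField4, UserField5 ]]></Query>
      </DerivedEvent>
      <!-- Rows from source AsmAlertsData, duration PT1M (the shortest of the three). -->
      <DerivedEvent source="AsmAlertsData"
                    eventName="AsmVsaAl"
                    account="AzSecurityStore"
                    duration="PT1M"
                    priority="Normal"
                    retryTimeout="PT1H"
                    storeType="CentralBond"
                    whereToRun="Local"
                    retentionInDays="30">
        <Query><![CDATA[ let ReportingIdentity=GetStaticEnvironmentVariable("MA_HEARTBEAT_IDENTITY") let AssetIdentity=GetStaticEnvironmentVariable("MA_AZURE_IDENTITY") let NodeIdentity="" let NodeType="" where EventProvider = "OffNodeVulnScan" select ReportingIdentity, AssetIdentity, NodeIdentity, NodeType, EventProvider, EventType, EventPayload, Truncated, TotalChunks, ChunkId, ChunkReference, UserField1, UserField2, UserField3, UserField4, UserField5 ]]></Query>
      </DerivedEvent>
    </DerivedEvents>
  </Events>
</MonitoringManagement>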