Obs/bin/GMA/Monitoring/Agent/initconfig/2.0/Standard/AzSecMdsAppLockerHE.xml
|
<?xml version="1.0" encoding="utf-8"?>
<MonitoringManagement version="1.0" timestamp="2023-06-08T00:58:42.4731192Z"> <!-- Autogenerated version comment - DO NOT REMOVE: AzSecPackShipVersion=4.27.0.4 --> <!-- All AppLocker event logs are collected. --> <Imports> <Import file="AzSecMdsAppLockerHEOffline.xml" forceLocal="true" /> </Imports> <Events> <EventDeclarations storeType="CentralBond"> <!-- Events that are already known to the team --> <Declaration eventName="AsmSLALExe" account="MdsCHostShared" /> <Declaration eventName="AsmSLALScr" account="MdsCHostShared" /> <Declaration eventName="AsmSLALApps" account="MdsCHostShared" /> <Declaration eventName="AsmSLALAlerts" account="MdsCHostShared" /> <Declaration eventName="AsmSLALData" account="MdsCHostShared" /> <Declaration eventName="AsmSpInvSysLoc" account="MdsCHostShared" /> <Declaration eventName="AsmSLALInv" account="MdsCHostShared" /> <Declaration eventName="AsmSLALDiag" account="MdsCHostShared" /> <!-- Few more entries for reserved columns--> <Declaration eventName="AsmSLALAl" account="MdsCHostShared" /> <Declaration eventName="AsmSLALRes" account="MdsCHostShared" /> </EventDeclarations> </Events> <EventStreamingAnnotations> <EventStreamingAnnotation name="^AsmSLALExe$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALScr$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALApps$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALAlerts$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALInv$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALAl$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALData$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALRes$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSpInvSysLoc$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> <EventStreamingAnnotation name="^AsmSLALDiag$"> <Cosmos> <Content><![CDATA[<Config />]]></Content> </Cosmos> </EventStreamingAnnotation> </EventStreamingAnnotations> </MonitoringManagement> |