-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathactions.xml
More file actions
executable file
·33 lines (33 loc) · 1.37 KB
/
actions.xml
File metadata and controls
executable file
·33 lines (33 loc) · 1.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
<?xml version="1.0" encoding="utf-8"?>
<remv1:Remediation-Plugin xmlns:remv1="RemediationVersion1.xsd" Name="Event Forwarding" Guid="cfcb7a43-a343-499c-90a1-3e5b16994c1b" Version="1" IsLogRhythmPlugin="false">
<remv1:Action Name="Syslog" Command="C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe">
<remv1:ConstantParameter Name="Script" Switch="-file send_syslog.ps1" Order="1" />
<remv1:StringParameter Name="Target Server" Switch="" Order="2" />
<remv1:StringParameter Name="Common Event" Switch="" Order="3" />
<remv1:StringParameter Name="Origin Host" Switch="" Order="4">
<remv1:DefaultInput>
<remv1:SHostName />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="Impacted Host" Switch="" Order="5">
<remv1:DefaultInput>
<remv1:DHostName />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="User Origin" Switch="" Order="6">
<remv1:DefaultInput>
<remv1:Login />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="User Impacted" Switch="" Order="7">
<remv1:DefaultInput>
<remv1:Account />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="Object" Switch="" Order="8">
<remv1:DefaultInput>
<remv1:Object />
</remv1:DefaultInput>
</remv1:StringParameter>
</remv1:Action>
</remv1:Remediation-Plugin>