{"ID":"796e8709-f90f-2b76-636d-017ca931f48f","Version":5,"CreatedAt":1780909227650,"Description":"[OOTB] Microsoft Products via KES WIN NG for KUMA 3.2\n\u003chtml lang=\"en\"\u003e\n\u003cbody\u003e\n  \n  \u003cp\u003e\n\t\u003cb\u003eNote\u003c/b\u003e: for KUMA 4.0.1 and newer, we recommend using the package \"[OOTB] Microsoft Products via KES WIN NG for KUMA 4.0.1\" to receive Microsoft events from KES WIN 12.11.\u003cbr\u003e\n\tNormalizer for some types of audit events generated by Microsoft products and transferred by KES WIN (version 12.11) in JSON format. The normalizer supports processing of some event types in the xml format from the following Microsoft products:\n\t\u003cul\u003e\n\t\t\u003cli\u003eMicrosoft Windows - Security log\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows - System log\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Network Policy Server\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - PowerShell - Operational\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows PowerShell\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Sysmon\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows Remote Desktop Services\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Defender\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Active Directory Federation Service (AD FS)\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Active Directory Domain Service\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Hyper-V\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft SQL Server\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Skype for business - Lync Server log\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows - System log - Service Control Manager\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - DNS-Server – Audit\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft – Windows - Group Policy - Operational\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Installer (MSI Installer)\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - TaskScheduler - 
Operational\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - AppLocker\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - WinRM - Operational\u003c/li\u003e\n\t\u003c/ul\u003e\n  \u003c/p\u003e\n\n  \u003cp\u003e\n\t\u003cb\u003eAttention\u003c/b\u003e: for KUMA 4.0.1 and newer it is recommended to use the package \"[OOTB] Microsoft Products via KES WIN NG for KUMA 4.0.1\" to receive Microsoft events from KES WIN 12.11.\u003cbr\u003e\n\tNormalizer for some event types that are generated by Microsoft products and transferred to KUMA by KES WIN (version 12.11) in JSON format. The normalizer supports processing of some event types in the xml format for the following Microsoft products:\n\t\u003cul\u003e\n\t\t\u003cli\u003eMicrosoft Windows - Security log\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows - System log\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Network Policy Server\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - PowerShell - Operational\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows PowerShell\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Sysmon\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows Remote Desktop Services\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Defender\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Active Directory Federation Service (AD FS)\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Active Directory Domain Service\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Hyper-V\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft SQL Server\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Skype for business - Lync Server log\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Windows - System log - Service Control Manager\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - DNS-Server – Audit\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft – Windows - Group Policy - Operational\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft Installer (MSI Installer)\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - TaskScheduler - 
Operational\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - AppLocker\u003c/li\u003e\n\t\t\u003cli\u003eMicrosoft - Windows - WinRM - Operational\u003c/li\u003e\n\t\u003c/ul\u003e\n  \u003c/p\u003e\n\n\u003c/body\u003e\n\u003c/html\u003e","Language":"en","ResourceIDs":["c4331855-e67f-4f22-9104-96b4ac9fa0e7","74dabe56-c51e-4ba5-b524-7c160dcd11fe","25a9c9cf-9b2d-4c75-a24d-8d40f500b093","2b58e92a-2b60-4a7a-a471-a3113f2aa74a","074ee623-4c1c-4fb0-8bf2-40ae90cf43c6","7f77aec8-8747-4800-93c2-4c393410830f","f2b2e350-8d17-415d-9ef1-f5b332df2e25","f36028f0-9b40-40bc-82f8-3a9c500abb80","7bec5db7-c0d2-4ed9-8ad5-ac4af3fc6fdf","cd033aa8-2260-4a78-8d1f-bbb5f014cbae","162fc077-3000-4504-8596-228f35c4c1ba","768a68ad-d0c6-4337-93ab-a47d54766dd1","8915fa7d-6ac3-4320-a653-ad3666596706","2d991758-51fd-4707-a27c-c2bba4ab94d2","628630c7-2e24-46b9-851b-1e3f8ce44fc6","009cc9e1-218a-4b5b-8130-cab85ea9e8f9","91c3b6b7-7bf3-483b-bbf5-6e998d5d748b","12af8d0e-bdc6-4533-b6ea-135ea30868e0"],"Emergency":false}