Good morning all
I have spent a considerable amount of time trawling through the internet to see whether there is a document which 'maps' WMI events to McAfee SIEM signature IDs or the like. If anyone has one, or knows whether something like this is available, it would be hugely appreciated if they could let me know where it resides or how to obtain it.
This may help.
In the Filters pane on the right, select Signature ID and then click the Filter List (funnel) icon. In the dialogue that appears, select the Windows tab. Enter the Windows event ID in the (not obvious) text box at the top of the list that is displayed. Select the event type you want from the filtered list.
This will give you the Signature ID for the event in the filter list.