[windows] AppLocker Events for Windows Integration

The plan is to add AppLocker events into the current Windows integration as additional data streams so that users will not have to use the Custom Windows Integration and have to maintain their own events.

This will help simplify some use cases out [there](https://github.com/elastic/integrations/issues/4564), where AppLocker events are needed. Today, this requires 4 Custom Windows Integrations added to a policy.

The 4 channels that will be added over time are:

AppLocker
- [x] EXE and DLL - https://github.com/elastic/integrations/pull/6977 ; https://github.com/elastic/integrations/pull/7229  
- [x] MSI and Script - https://github.com/elastic/integrations/pull/7279
- [x] Packaged app-Deployment - https://github.com/elastic/integrations/pull/7393
- [x] Packaged app-Execution - https://github.com/elastic/integrations/pull/7446

![image](https://github.com/elastic/integrations/assets/5582679/8af1b974-28d2-4eae-ab47-24c2121671f7)

Field mappings, pipelines and of course dashboards will be in the works.

This issue will track the development of these new data streams.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[windows] AppLocker Events for Windows Integration #6979

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[windows] AppLocker Events for Windows Integration #6979

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions