Hi
I want to monitor the whole registry.
I have written this configuration;
does it seem to be ok?
thanks
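# HKEY_CLASSES_ROOT is not a real hive: it is a merged view of
# HKLM\SOFTWARE\Classes and HKCU\SOFTWARE\Classes, and there is no
# \REGISTRY\ROOT path in the kernel registry namespace that WinRegMon
# matches against. The hklm_run and hkcu_run stanzas already cover the
# keys this stanza was meant to watch, so it is disabled rather than left
# running a daily no-op baseline. Kept to document the original intent.
[WinRegMon://hkcr_run]
# Splunk index names are lowercase; the index must exist on the indexer.
index = registry
sourcetype = WinRegistry
# proc and hive are regular expressions, so backslashes are doubled
# (C:\.* reads as "C:" followed by zero or more literal dots).
proc = C:\\.*
hive = \\REGISTRY\\ROOT\\.*
# Disabled: see header comment.
disabled = 1
baseline = 1
# seconds between baseline snapshots of the matched keys
baseline_interval = 86400
type = rename|close|set|delete|open|create|query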
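# All loaded user hives. \REGISTRY\USER holds HKEY_USERS, and HKEY_CURRENT_USER
# is just \REGISTRY\USER\<SID> of the logged-on user, so this one stanza covers
# both HKCU and HKU (including .DEFAULT and the <SID>_Classes hives).
[WinRegMon://hkcu_run]
# Splunk index names are lowercase; the index must exist on the indexer.
index = registry
sourcetype = WinRegistry
# proc and hive are regular expressions, so backslashes are doubled
# (C:\.* reads as "C:" followed by zero or more literal dots).
# Matches processes on C: only; use .* to include processes on other drives.
proc = C:\\.*
# Trailing .* matches every key under the hive, as in the Splunk examples.
hive = \\REGISTRY\\USER\\.*
disabled = 0
# baseline snapshots every key under the hive, so expect a heavy crawl
# each interval on a full-hive match.
baseline = 1
# seconds between baseline snapshots
baseline_interval = 86400
# open, query and close fire on every read of every key and will dominate
# event volume and license use; set|create|delete|rename is the change-only
# subset to fall back to if the full list proves too noisy.
type = rename|close|set|delete|open|create|query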
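# The machine hive (HKEY_LOCAL_MACHINE). HKEY_CURRENT_CONFIG is a link into
# HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current and HKCR's machine
# half is HKLM\SOFTWARE\Classes, so both are covered here.
[WinRegMon://hklm_run]
# Splunk index names are lowercase; the index must exist on the indexer.
index = registry
sourcetype = WinRegistry
# proc and hive are regular expressions, so backslashes are doubled
# (C:\.* reads as "C:" followed by zero or more literal dots).
# Matches processes on C: only; use .* to include processes on other drives.
proc = C:\\.*
# Trailing .* matches every key under the hive, as in the Splunk examples.
hive = \\REGISTRY\\MACHINE\\.*
disabled = 0
# baseline snapshots every key under the hive, so expect a heavy crawl
# each interval on a full-hive match.
baseline = 1
# seconds between baseline snapshots
baseline_interval = 86400
# open, query and close fire on every read of every key and will dominate
# event volume and license use; set|create|delete|rename is the change-only
# subset to fall back to if the full list proves too noisy.
type = rename|close|set|delete|open|create|query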
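# HKEY_USERS lives at \REGISTRY\USER, not \REGISTRY\USERS, so this hive regex
# matches nothing. The hkcu_run stanza on \REGISTRY\USER already watches every
# loaded user hive, so this stanza is disabled rather than left running a
# daily no-op baseline. Kept to document the original intent.
[WinRegMon://hkus_run]
# Splunk index names are lowercase; the index must exist on the indexer.
index = registry
sourcetype = WinRegistry
# proc and hive are regular expressions, so backslashes are doubled
# (C:\.* reads as "C:" followed by zero or more literal dots).
proc = C:\\.*
hive = \\REGISTRY\\USERS\\.*
# Disabled: see header comment.
disabled = 1
baseline = 1
# seconds between baseline snapshots of the matched keys
baseline_interval = 86400
type = rename|close|set|delete|open|create|query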
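# HKEY_CURRENT_CONFIG is not a separate hive: it is a link to
# HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current, and there is no
# \REGISTRY\CONFIG path in the kernel registry namespace, so this hive regex
# matches nothing. The hklm_run stanza already covers those keys, so this
# stanza is disabled rather than left running a daily no-op baseline.
# Kept to document the original intent.
[WinRegMon://hkcc_run]
# Splunk index names are lowercase; the index must exist on the indexer.
index = registry
sourcetype = WinRegistry
# proc and hive are regular expressions, so backslashes are doubled
# (C:\.* reads as "C:" followed by zero or more literal dots).
proc = C:\\.*
hive = \\REGISTRY\\CONFIG\\.*
# Disabled: see header comment.
disabled = 1
baseline = 1
# seconds between baseline snapshots of the matched keys
baseline_interval = 86400
type = rename|close|set|delete|open|create|query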