This repository has been archived by the owner on May 25, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 41
Windows input fix #478
Merged
Merged
Windows input fix #478
Changes from 2 commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> | ||
<System> | ||
<Provider Name="Microsoft-Windows-Security-SPP" Guid="{E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}" EventSourceName="Software Protection Platform Service" /> | ||
<EventID Qualifiers="16384">16384</EventID> | ||
<Version>0</Version> | ||
<Level>4</Level> | ||
<Task>0</Task> | ||
<Opcode>0</Opcode> | ||
<Keywords>0x80000000000000</Keywords> | ||
<TimeCreated SystemTime="2022-04-22T10:20:52.3778625Z" /> | ||
<EventRecordID>23401</EventRecordID> | ||
<Correlation /> | ||
<Execution ProcessID="0" ThreadID="0" /> | ||
<Channel>Application</Channel> | ||
<Computer>computer</Computer> | ||
<Security /> | ||
</System> | ||
<EventData> | ||
<Data>2022-04-28T19:48:52Z</Data> | ||
<Data>RulesEngine</Data> | ||
</EventData> | ||
</Event> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on the issue description, it sounds like we might expect only one or the other of these. Is that right? If so, should we parse both here and only set whichever one is populated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would be correct, only one of these would be populated, that being said I'm sure that could be done to only populate one of the fields. But I do have a question about that, would this mean getting rid of the
RenderedLevel
field of the EventXML struct, or simply removing that field from the output?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would expect that it only requires a change to the body of the log that is emitted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to clarify, both may be populated in the XML. The
RenderingInfo
tag contains the "friendly" versions of these fields, for instance,System>Level
may be4
, butRenderingInfo>Level
would beInformational
. In this case, both would be present on the XML returned from windows.Only populating one field might make sense for the sake of removing redundancy, but I just want to clarify.