AutorunsToWinEventLog
Purpose
Log all of the items enumerated by Sysinternals’ Autoruns to the Windows Event Log for easy analysis/searching.
Configuration Details
- Runs once a day
- Triggered by a scheduled task named “AutorunsToWinEventLog”
Data Location
- Splunk
index=wineventlog source=WinEventLog:Autoruns
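
Because the collection only runs once a day, a stalled task leaves a silent gap in the Splunk data. The PowerShell health check below is an added example, not part of the AutorunsToWinEventLog project; it assumes the event log channel is named "Autoruns" (inferred from the Splunk source above) and uses a 26-hour freshness window chosen for illustration.

```powershell
# Health check for the daily Autoruns collection (added example).
# Assumptions: the event log channel is named "Autoruns" (inferred from the
# Splunk source WinEventLog:Autoruns); the 26-hour window is illustrative.
$TaskName = 'AutorunsToWinEventLog'
$LogName  = 'Autoruns'
$MaxAge   = New-TimeSpan -Hours 26
$Now      = Get-Date
$Problems = @()

# 1. The scheduled task must exist, be enabled, and have run recently.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $task) {
    $Problems += "Scheduled task '$TaskName' not found"
} else {
    if ($task.State -eq 'Disabled') {
        $Problems += "Scheduled task '$TaskName' is disabled"
    }
    $info = $task | Get-ScheduledTaskInfo
    if (($Now - $info.LastRunTime) -gt $MaxAge) {
        $Problems += "Task last ran at $($info.LastRunTime)"
    }
    if ($info.LastTaskResult -ne 0) {
        $Problems += ("Last task result was 0x{0:X}" -f $info.LastTaskResult)
    }
}

# 2. The event log must contain an entry newer than the freshness window.
$latest = Get-WinEvent -LogName $LogName -MaxEvents 1 -ErrorAction SilentlyContinue
if (-not $latest) {
    $Problems += "No events found in the '$LogName' log"
} elseif (($Now - $latest.TimeCreated) -gt $MaxAge) {
    $Problems += "Newest '$LogName' event is from $($latest.TimeCreated)"
}

# Report every problem found and signal failure to the caller.
if ($Problems) {
    $Problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Autoruns collection healthy; newest event $($latest.TimeCreated)"
```

A non-zero exit code means the endpoint has stopped producing Autoruns events, so the absence of results in Splunk for that host should not be read as an absence of autorun entries.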
External Links