AutorunsToWinEventLog

Purpose

Log every item enumerated by Sysinternals’ Autoruns to the Windows Event Log, so that autostart entries can be collected, searched and analysed centrally instead of being inspected host by host.

Configuration Details

  • Runs once a day
  • Triggered by a scheduled task named “AutorunsToWinEventLog”

Data Location

  • Splunk
    • index=wineventlog source=WinEventLog:Autoruns
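To make the pipeline behind the two sections above concrete, the following PowerShell is an added illustration, not the project's own script, of how each Autoruns entry can be written to a dedicated event log that a Splunk WinEventLog input would then expose as source=WinEventLog:Autoruns. It assumes autorunsc.exe from the Sysinternals suite is on the PATH and that the scheduled task runs it elevated; the log name, source name and event ID are assumptions, and the Signer-based severity is my own choice.

```powershell
# Added example, not the project's own script. Assumes autorunsc.exe (Sysinternals)
# is on PATH and the task runs elevated (creating the log/source needs admin once).
$LogName    = 'Autoruns'               # assumed: appears as source=WinEventLog:Autoruns in Splunk
$SourceName = 'AutorunsToWinEventLog'  # assumed event source name
$EventId    = 1                        # assumed event ID meaning "autostart entry observed"

# Register the custom log and source on first run; skip if already present.
if (-not [System.Diagnostics.EventLog]::SourceExists($SourceName)) {
    New-EventLog -LogName $LogName -Source $SourceName
}

# autorunsc emits UTF-16 when its output is redirected (as it is inside a pipeline),
# so tell PowerShell how to decode it before capturing the CSV.
[Console]::OutputEncoding = [System.Text.Encoding]::Unicode

# Enumerate every autostart category (-a *) as CSV (-c), include file hashes (-h)
# and verify Authenticode signatures (-s); -nobanner/-accepteula keep it non-interactive.
$csv     = & autorunsc.exe -nobanner -accepteula -a * -c -h -s 2>$null
$entries = $csv | ConvertFrom-Csv

foreach ($entry in $entries) {
    # One event per entry, serialised as compact JSON so Splunk can auto-extract
    # fields such as Entry, "Image Path", Signer and SHA-256.
    $message = $entry | ConvertTo-Json -Compress

    # Unsigned or unverifiable images get Warning severity to stand out in triage;
    # "(Verified) <signer>" is how autorunsc -s reports a valid signature.
    $type = if ($entry.Signer -like '(Verified)*') { 'Information' } else { 'Warning' }

    Write-EventLog -LogName $LogName -Source $SourceName -EventId $EventId `
                   -EntryType $type -Message $message
}
```

Once the daily run is indexed, a search such as `index=wineventlog source=WinEventLog:Autoruns | stats earliest(_time) AS first_seen BY Entry, "Image Path", SHA-256` (example only, assuming the JSON fields are extracted) lists each autostart entry by the day it first appeared, which is the pivot that makes newly added persistence visible.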