Windows.ETW.Monitoring artifact #

This artifact contains rules designed to monitoring a windows host based on ETW streams.

You can download the artifact pack here Windows-ETW-Monitoring.zip and customize using instructions at Customizing Artifacts