Obs/bin/GMA/Monitoring/Agent/initconfig/2.0/Standard/AzSecMdsVulnScanOffline-Content.xml

<?xml version="1.0" encoding="utf-8"?>
<MonitoringManagement version="1.0" timestamp="2022-09-09T18:03:54.8774890Z">
  <!-- Autogenerated version comment - DO NOT REMOVE: AzSecPackShipVersion=4.22.0.2 -->
  <Events>
    <FileMonitors storeType="CentralBond">
      <FileWatchItem eventName="AsmVsaFMSnap" container="shava-snapshots" account="AzSecurityStore" compressionType="none" directoryQuotaInMB="100" uploadDelayInSeconds="10" retentionInDays="5" removeEmptyDirectories="true">
        <Directory><![CDATA[Concat("", GetEnvironmentVariable("LOCALAPPDATA"), "\ShavaVulnScanSnap")]]></Directory>
      </FileWatchItem>
    </FileMonitors>
    <DerivedEvents>
      <DerivedEvent source="AsmScannerData" eventName="AsmVsaData" account="AzSecurityStore" duration="PT5M" priority="Normal" retryTimeout="PT1H" storeType="CentralBond" whereToRun="Local" retentionInDays="30">
        <Query><![CDATA[
                        let ReportingIdentity=GetStaticEnvironmentVariable("MA_HEARTBEAT_IDENTITY")
                        let AssetIdentity=GetStaticEnvironmentVariable("MA_AZURE_IDENTITY")
                        let NodeIdentity=""
                        let NodeType=""
                        where EventProvider = "OffNodeVulnScan"
                        select ReportingIdentity,
                            AssetIdentity,
                            NodeIdentity,
                            NodeType,
                            EventProvider,
                            EventType,
                            EventPayload,
                            Truncated,
                            TotalChunks,
                            ChunkId,
                            ChunkReference,
                            UserField1,
                            UserField2,
                            UserField3,
                            UserField4,
                            UserField5
            ]]></Query>
      </DerivedEvent>
      <DerivedEvent source="AsmDiagnostics" eventName="AsmVsaDiag" account="AzSecurityStore" duration="PT15M" priority="Normal" retryTimeout="PT1H" storeType="CentralBond" whereToRun="Local" retentionInDays="30">
        <Query><![CDATA[
                        let ReportingIdentity=GetStaticEnvironmentVariable("MA_HEARTBEAT_IDENTITY")
                        let AssetIdentity=GetStaticEnvironmentVariable("MA_AZURE_IDENTITY")
                        let NodeIdentity=""
                        let NodeType=""
                        where EventProvider = "OffNodeVulnScan" && (EventType = "Error" || EventType = "Warning")
                        select ReportingIdentity,
                            AssetIdentity,
                            NodeIdentity,
                            NodeType,
                            EventProvider,
                            EventType,
                            EventPayload,
                            Truncated,
                            TotalChunks,
                            ChunkId,
                            ChunkReference,
                            UserField1,
                            UserField2,
                            UserField3,
                            UserField4,
                            UserField5
            ]]></Query>
      </DerivedEvent>
      <DerivedEvent source="AsmAlertsData" eventName="AsmVsaAl" account="AzSecurityStore" duration="PT1M" priority="Normal" retryTimeout="PT1H" storeType="CentralBond" whereToRun="Local" retentionInDays="30">
        <Query><![CDATA[
                        let ReportingIdentity=GetStaticEnvironmentVariable("MA_HEARTBEAT_IDENTITY")
                        let AssetIdentity=GetStaticEnvironmentVariable("MA_AZURE_IDENTITY")
                        let NodeIdentity=""
                        let NodeType=""
                        where EventProvider = "OffNodeVulnScan"
                        select ReportingIdentity,
                            AssetIdentity,
                            NodeIdentity,
                            NodeType,
                            EventProvider,
                            EventType,
                            EventPayload,
                            Truncated,
                            TotalChunks,
                            ChunkId,
                            ChunkReference,
                            UserField1,
                            UserField2,
                            UserField3,
                            UserField4,
                            UserField5
            ]]></Query>
      </DerivedEvent>
    </DerivedEvents>
  </Events>
</MonitoringManagement>