Winlogbeat event_logs YAML for exploit protection events, based on Microsoft's 'View attack surface reduction events' documentation.
Follow the comments below for what each block collects and what the event IDs mean.
#for attack surface reduction rule events, controlled folder access events
#1121/1122 = ASR rule fired in block/audit mode, 1123/1124 = controlled folder access block/audit, 5007 = settings changed
- name: Microsoft-Windows-Windows Defender/Operational
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1121
        - equals.winlog.event_id: 1122
        - equals.winlog.event_id: 1123
        - equals.winlog.event_id: 1124
        - equals.winlog.event_id: 5007
- name: Microsoft-Windows-Windows Defender/WHC
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1121
        - equals.winlog.event_id: 1122
        - equals.winlog.event_id: 1123
        - equals.winlog.event_id: 1124
        - equals.winlog.event_id: 5007
#for exploit protection events
#1 and 24 are the first and last of the Security-Mitigations mitigation event IDs (list every ID in between if you want all of them),
#5 is the WER-Diag CFG block event, 260 is the Win32k untrusted font event
#provider must be a YAML list of names, one per line, not a comma-separated string
- name: Microsoft-Windows-Security-Mitigations/KernelMode
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/Concurrency
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/Contention
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/Message
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/Operational
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/Power
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/Render
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/Tracing
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Win32k/UIPI
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
#This may be moved to another section for System related events
- name: System
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
- name: Microsoft-Windows-Security-Mitigations/UserMode
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1
        - equals.winlog.event_id: 24
        - equals.winlog.event_id: 5
        - equals.winlog.event_id: 260
  provider:
    - Microsoft-Windows-Security-Mitigations
    - Microsoft-Windows-Win32k
    - Microsoft-Windows-WER-Diag
    - Win32k
#for network protection Events
#1125 = network protection audit, 1126 = network protection block, 5007 = settings changed
#these two channels are already listed above; if your Winlogbeat version rejects duplicate
#event log names, merge these IDs into the earlier entry for the same channel instead
- name: Microsoft-Windows-Windows Defender/Operational
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1125
        - equals.winlog.event_id: 1126
        - equals.winlog.event_id: 5007
  #provider filter kept as given; confirm the ProviderName of the events in this channel
  #(Get-WinEvent shows it) matches, otherwise this filter drops everything
  provider:
    - System
- name: Microsoft-Windows-Windows Defender/WHC
  processors:
    - drop_event.when.not.or:
        - equals.winlog.event_id: 1125
        - equals.winlog.event_id: 1126
        - equals.winlog.event_id: 5007
  provider:
    - System
#TEST FOR POWERSHELL
- name: Microsoft-Windows-PowerShell/Operational
- name: Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational
- name: Windows PowerShell
YMMV! Your mileage may vary.
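An added check, not part of the configuration above and not Winlogbeat's own code: it reimplements the semantics of the dotted-key shorthand the file relies on (drop_event.when.not.or with equals.winlog.event_id conditions) so each filter can be run offline against constructed winlog events before deployment, and it lints two defects that are easy to make in this file, a provider written as one comma-separated string instead of a YAML list and an event ID repeated inside the same or-list. All event dicts, the ASR_FILTER constant and the WHC_AS_WRITTEN entry are constructed inputs; id_filter, is_kept and lint_event_log are this example's own helper names.

```python
"""Evaluate and lint Winlogbeat-style drop_event filters offline.

Added example, not part of the original configuration. It mirrors the
dotted-key shorthand the file uses (drop_event.when.not.or with
equals.winlog.event_id) and checks filters against constructed events.
"""


def expand_dotted(obj):
    """Turn 'a.b.c: v' keys into nested dicts, as the Beats config loader does."""
    if isinstance(obj, list):
        return [expand_dotted(item) for item in obj]
    if not isinstance(obj, dict):
        return obj
    out = {}
    for key, value in obj.items():
        parts = key.split(".")
        node = out
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        node[parts[-1]] = expand_dotted(value)
    return out


def get_field(event, path):
    """Look up a dotted field path such as 'winlog.event_id' in an event."""
    node = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def _leaves(tree, prefix=""):
    """Yield (dotted_path, value) pairs for every leaf of a nested dict."""
    for key, value in tree.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from _leaves(value, path)
        else:
            yield path, value


def evaluate(cond, event):
    """Evaluate one Beats condition (equals / not / or / and) against an event."""
    (kind, body), = cond.items()
    if kind == "equals":
        return all(get_field(event, p) == v for p, v in _leaves(body))
    if kind == "not":
        return not evaluate(body, event)
    if kind == "or":
        return any(evaluate(c, event) for c in body)
    if kind == "and":
        return all(evaluate(c, event) for c in body)
    raise ValueError(f"unsupported condition: {kind}")


def is_kept(processors, event):
    """Run the processors list; the event is dropped as soon as a drop_event fires."""
    for proc in expand_dotted(processors):
        if "drop_event" in proc and evaluate(proc["drop_event"]["when"], event):
            return False
    return True


def lint_event_log(entry):
    """Flag comma-joined provider strings (must be a YAML list) and repeated event_id conditions."""
    warnings = []
    provider = entry.get("provider")
    names = [provider] if isinstance(provider, str) else list(provider or [])
    if isinstance(provider, str) or any("," in name for name in names):
        warnings.append("provider must be a YAML list of names, not a comma-separated string")
    for proc in entry.get("processors", []):
        for key, conds in proc.items():
            if key.endswith(".or") and isinstance(conds, list):
                ids = [v for c in conds for k, v in c.items() if k.endswith("event_id")]
                dup = sorted({i for i in ids if ids.count(i) > 1})
                if dup:
                    warnings.append(f"duplicate event_id conditions: {dup}")
    return warnings


def id_filter(*event_ids):
    """Build the file's keep-only-these-IDs processor list in the same shorthand."""
    return [{"drop_event.when.not.or": [{"equals.winlog.event_id": i} for i in event_ids]}]


# Constructed inputs: the ASR filter from the file, and the WHC entry as
# originally written (with its repeated 5007) so the lint has something to catch.
ASR_FILTER = id_filter(1121, 1122, 1123, 1124, 5007)
WHC_AS_WRITTEN = {"name": "Microsoft-Windows-Windows Defender/WHC",
                  "processors": id_filter(1121, 1122, 5007, 1123, 1124, 5007)}

if __name__ == "__main__":
    for eid in (1121, 1116, 5007):  # 1116 is a Defender detection event the filter should drop
        event = {"winlog": {"event_id": eid, "channel": "Microsoft-Windows-Windows Defender/Operational"}}
        print(eid, "kept" if is_kept(ASR_FILTER, event) else "dropped")
    print(lint_event_log(WHC_AS_WRITTEN))
```

Run it as a script to see which of the three constructed events survive the ASR filter and what the lint reports for the WHC block; feed it the other entries of the file (after loading the YAML with a parser of your choice) to check the provider lists and ID sets the same way.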