1E SDK

Triggers when a Windows registry key changes.

Hive (string): The name of the registry hive containing the key. Only HKLM and HKCR are supported, although case is insignificant.

Subkey (string): The name of the registry key.

IncludeSubkeys (optional string, values "true" or "false", default "false"): Whether to detect changes in subkeys too.

<?xml version="1.0" encoding="UTF-8"?>
<TriggerTemplate Name="WindowsRegistryChange" Category="Event" Description="When a registry key changes (Windows only)" Type="WindowsRegistryChange" ReadablePayload="On change of registry values in "%hive%\%subkey%" (include subkeys=%includeSubkeys%)">
  <AgentParameters>
    <Parameter Name="Hive" Value="%hive%" />
    <Parameter Name="Subkey" Value="%subkey%" />
    <Parameter Name="IncludeSubkeys" Value="%includeSubkeys%" />
  </AgentParameters>
  <UserParameterJson><![CDATA[[{"Name":"Hive","Pattern":"%hive%","DataType":"string","ControlType":"valuePicker","ControlMetadata":null,"Placeholder":"hive","DefaultValue":"HKLM","Validation":{"Regex":null,"MaxLength":"4","AllowedValues":["HKLM","HKCR"],"NumValueRestrictions":null},"Value":null,"HintText":null,"Source":null},{"Name":"Subkey","Pattern":"%subkey%","DataType":"string","ControlType":"freeText","ControlMetadata":null,"Placeholder":"subkey","DefaultValue":null,"Validation":{"Regex":null,"MaxLength":"1024","AllowedValues":null,"NumValueRestrictions":null},"Value":null,"HintText":null,"Source":null},{"Name":"IncludeSubkeys","Pattern":"%includeSubkeys%","DataType":"string","ControlType":"valuePicker","ControlMetadata":null,"Placeholder":"includeSubkeys","DefaultValue":"true","Validation":{"Regex":null,"MaxLength":"4","AllowedValues":["true","false"],"NumValueRestrictions":null},"Value":null,"HintText":null,"Source":null}]]]></UserParameterJson>
</TriggerTemplate>

Uses the Windows Registry change notification APIs to fire when a registry key changes