valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated Winlogbeat Modules config based on: 048c3cc19b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js (L171-L178)

Browse Source
This commit is contained in:
JohnConnorRF 2021-05-05 10:25:36 -04:00
parent 3926e2388f
commit 1574d263cc
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/config/winlogbeat-modules-enabled.yml
View File

@ -135,7 +135,7 @@ fieldmappings:
Product: winlog.event_data.Product
Properties: winlog.event_data.Properties
RuleName: winlog.event_data.RuleName
ScriptBlockText: winlog.event_data.ScriptBlockText
ScriptBlockText: powershell.file.script_block_text
SecurityID: winlog.event_data.SecurityID
ServiceFileName: winlog.event_data.ServiceFileName
ServiceName: winlog.event_data.ServiceName