add security 7045

frack113 2021-08-04 15:46:05 +02:00
parent 47086d5d78
commit 481cd9aca1


@ -138,7 +138,6 @@ fieldmappings:
HostVersion: winlog.event_data.HostVersion
Image: process.executable
ImageLoaded: file.path
ImagePath: winlog.event_data.ImagePath
IpAddress: source.ip
IpPort: source.port
KeyLength: winlog.event_data.KeyLength
@ -162,7 +161,6 @@ fieldmappings:
ScriptBlockText: powershell.file.script_block_text
SecurityID: winlog.event_data.SecurityID
ServiceFileName: winlog.event_data.ServiceFileName
ServiceName: winlog.event_data.ServiceName
ShareName: winlog.event_data.ShareName
Signature: winlog.event_data.Signature
Source: winlog.event_data.Source
@ -288,4 +286,11 @@ fieldmappings:
Imphash:
category=driver_load: hash.imphash
category=image_load: file.hash.imphash
default: process.pe.imphash
default: process.pe.imphash
#security 7045
ServiceName:
service=security: winlog.event_data.ServiceName
default: service.name
ImagePath: winlog.event_data.ImagePath
ServiceType: winlog.event_data.ServiceType
StartType: winlog.event_data.ServiceStartType
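Review bot: The new conditional `ServiceName` mapping is keyed only on `service=security`, but event 7045 (service installed) is written by the Service Control Manager to the System log, so rules declaring `service: system` fall through to `default: service.name`. As far as I can tell winlogbeat does not populate that field from the event data, so those rules would silently stop matching. Consider adding `service=system: winlog.event_data.ServiceName` next to the security entry, or confirm which log source the 7045 rules actually declare. `StartType` is also mapped unconditionally to `winlog.event_data.ServiceStartType`, which looks like the Security 4697 field name rather than the System 7045 one (`StartType`), so it is worth checking against a sample event. The comment `#security 7045` could name the events the block serves, e.g. `# service-install events (System 7045 / Security 4697)`.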