Merge pull request #1667 from leegengyu/patch-10

Update winlogbeat-modules-enabled.yml - Imphash Field
Florian Roth 2021-07-12 15:37:33 +02:00 committed by GitHub
commit 730e9eb883
GPG Key ID: 4AEE18F83AFDEB23


@ -146,7 +146,7 @@ fieldmappings:
Image: process.executable
ImageLoaded: file.path
ImagePath: winlog.event_data.ImagePath
Imphash: winlog.event_data.Imphash
Imphash: process.pe.imphash
IpAddress: source.ip
IpPort: source.port
KeyLength: winlog.event_data.KeyLength
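Review bot: The Imphash mapping (assuming `Imphash: process.pe.imphash` is the new side of the pair) now resolves to a single process-scoped field, while the neighbouring context line `ImageLoaded: file.path` shows that loaded-image events are mapped under `file.*` in this config, so rules that match Imphash on image or driver loads may silently stop matching. If the enabled Winlogbeat modules write a file-scoped hash for those events (to be confirmed against real indexed documents), map to both targets, e.g. `Imphash: [process.pe.imphash, file.pe.imphash]`. Otherwise add a comment above the entry such as `# Imphash => process events only; image-load hashes are not covered by this mapping`. A wrong target field produces no error, only missed detections, so it is worth querying both the old and new field names against sample data before relying on the change. The `fieldmappings` block starts and ends outside this hunk, so other entries may need the same check.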
@ -279,4 +279,4 @@ fieldmappings:
TaskName: winlog.event_data.TaskName
# UserName => smbclient-security eventid:31017
UserName: winlog.event_data.UserName
Workstation : winlog.event_data.Workstation
Workstation : winlog.event_data.Workstation