valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add SourceUser and TargetUser

Browse Source
This commit is contained in:
frack113 2021-10-27 17:13:34 +02:00 committed by GitHub
parent ce5e4c45f1
commit 781598351d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/config/winlogbeat-modules-enabled.yml
View File

@ -186,6 +186,8 @@ fieldmappings:
ParentImage: process.parent.executable ParentImage: process.parent.executable
ParentCommandLine: process.parent.command_line ParentCommandLine: process.parent.command_line
ParentUser: winlog.event_data.ParentUser #Sysmon 13.30 ParentUser: winlog.event_data.ParentUser #Sysmon 13.30
SourceUser: winlog.event_data.SourceUser #Sysmon 13.30
TargetUser: winlog.event_data.TargetUser #Sysmon 13.30
TargetFilename: file.path TargetFilename: file.path
CreationUtcTime: winlog.event_data.CreationUtcTime CreationUtcTime: winlog.event_data.CreationUtcTime
PreviousCreationUtcTime: winlog.event_data.PreviousCreationUtcTime PreviousCreationUtcTime: winlog.event_data.PreviousCreationUtcTime