Add SourceUser and TargetUser
parent
ce5e4c45f1
commit
781598351d
@ -186,6 +186,8 @@ fieldmappings:
|
||||
ParentImage: process.parent.executable
|
||||
ParentCommandLine: process.parent.command_line
|
||||
ParentUser: winlog.event_data.ParentUser #Sysmon 13.30
|
||||
SourceUser: winlog.event_data.SourceUser #Sysmon 13.30
|
||||
TargetUser: winlog.event_data.TargetUser #Sysmon 13.30
|
||||
TargetFilename: file.path
|
||||
CreationUtcTime: winlog.event_data.CreationUtcTime
|
||||
PreviousCreationUtcTime: winlog.event_data.PreviousCreationUtcTime
|
||||
|
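Review bot: The `SourceUser` and `TargetUser` mappings resolve to raw `winlog.event_data.*` fields that are only emitted by Sysmon 13.30 and later, so a rule filtering on them will silently match nothing on hosts running an older sensor, and the bare `#Sysmon 13.30` comment does not make that consequence clear. I would spell it out on each added line, for example `SourceUser: winlog.event_data.SourceUser # Sysmon >= 13.30 only; field is absent on older agents`, and likewise for `TargetUser`. As far as I know these two fields are populated on the CreateRemoteThread and ProcessAccess events, which would be worth naming in the comment so rule authors know where the mapping applies. The rest of `fieldmappings` lies outside this hunk, so whether the config's other user fields are mapped to normalised names instead of raw event data cannot be checked from here.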