valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #2087 from frack113/fix_targetusername

Browse Source 
fix TargetUserName and TargetUserSid for detection
This commit is contained in:
frack113 2021-09-28 06:27:54 +02:00 committed by GitHub
commit 90d4508d6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
tools/config/winlogbeat-modules-enabled.yml
View File

@ -468,12 +468,8 @@ fieldmappings:
TargetOutboundUserName: winlog.event_data.TargetOutboundUserName
TargetServerName: winlog.event_data.TargetServerName
TargetSid: winlog.event_data.TargetSid
TargetUserName:
service=security: user.name
default: winlog.event_data.TargetUserName
TargetUserSid:
service=security: user.id
default: winlog.event_data.TargetUserSid
TargetUserName: winlog.event_data.TargetUserName
TargetUserSid: winlog.event_data.TargetUserSid
TaskContent: winlog.event_data.TaskContent
TaskName: winlog.event_data.TaskName
TicketEncryptionType: winlog.event_data.TicketEncryptionType