valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-07 09:48:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update winlogbeat.yml

Browse Source 
Change Imphash's value as current one does not exist without the Sysmon processor module under Winlogbeat.
This commit is contained in:
G Y 2021-07-10 11:37:36 +08:00 committed by GitHub
parent 99b0d32cec
commit bdb77780b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tools/config/winlogbeat.yml
View File

@ -133,7 +133,7 @@ fieldmappings:
Image: winlog.event_data.Image
ImageLoaded: winlog.event_data.ImageLoaded
ImagePath: winlog.event_data.ImagePath
Imphash: winlog.event_data.Imphash
Imphash: winlog.event_data.Hashes
IpAddress: winlog.event_data.IpAddress
KeyLength: winlog.event_data.KeyLength
LogonProcessName: winlog.event_data.LogonProcessName
@ -258,4 +258,4 @@ fieldmappings:
TaskName: winlog.event_data.TaskName
# UserName => smbclient-security eventid:31017
UserName: winlog.event_data.UserName
Workstation : winlog.event_data.Workstation
Workstation : winlog.event_data.Workstation