fieldmappings:
    dst:
        - network.remote.address.ip
    dst_ip:
        - network.remote.address.ip
    src:
        - network.local.address.ip
    src_ip:
        - network.local.address.ip
    file_hash:
        - file.hash.md5
        - file.hash.sha256
    NewProcessName: process.name
    ServiceName: process.name
    ServiceFileName: process.name
    TargetObject: registry.path