Added "data.win" known fields

Jesús Ángel 2019-02-27 10:15:46 +01:00
parent 06e0feb73f
commit 42dfb8b2fe


@ -6735,5 +6735,401 @@ export const knownFields = [
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.authenticationPackageName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.binary',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.data',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.image',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.impersonationLevel',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.keyLength',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.logonGuid',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.logonProcessName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.logonType',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.newState',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.parentImage',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.processId',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.processName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.resourceManager',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.subjectDomainName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.subjectLogonId',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.subjectUserName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.subjectUserSid',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.targetDomainName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.targetLogonId',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.targetUserName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.targetUserSid',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.eventdata.transactionId',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.rmSessionEvent.rmSessionId',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.rmSessionEvent.uTCStartTime',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.channel',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.computer',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.eventID',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.eventRecordID',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.eventSourceName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.keywords',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.level',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.message',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.opcode',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.processID',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.providerGuid',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.providerName',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.securityUserID',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.severityValue',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.systemTime',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.task',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.threadID',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.userID',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
},
{
name: 'data.win.system.version',
type: 'string',
count: 0,
scripted: false,
searchable: true,
aggregatable: true,
readFromDocValues: true
}
];
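Review bot: Every added `data.win.*` entry is declared `type: 'string'`, including values that are numeric or temporal in Windows events (`data.win.system.eventID`, `data.win.system.severityValue`, `data.win.eventdata.processId`, `data.win.eventdata.keyLength`, `data.win.system.systemTime`), so range filters and sorting on them will compare lexicographically rather than numerically or by time. If this mirrors the index template (not visible in this hunk), a comment above the first new entry would warn analysts off range queries that quietly return the wrong set, e.g. `// data.win.* is indexed as keyword: match eventID and logonType exactly, do not use range queries`. `data.win.system.message` and `data.win.eventdata.data` are also marked `aggregatable: true`; long values there may presumably exceed the keyword length limit and go unindexed, which is worth confirming against the template. The `knownFields` array begins outside the hunk.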