diff --git a/server/integration-files/known-fields.js b/server/integration-files/known-fields.js
index a9c11179a..f2978f3fa 100644
--- a/server/integration-files/known-fields.js
+++ b/server/integration-files/known-fields.js
@@ -5259,5 +5259,338 @@ export const knownFields = [
 searchable: true,
 aggregatable: true,
 readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.AuthenticationPackageName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.ImpersonationLevel',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.IpAddress',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.IpPort',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.KeyLength',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.LmPackageName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.LogonGuid',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.LogonProcessName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.LogonType',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.ProcessId',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.ProcessName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.SubjectDomainName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.SubjectLogonId',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.SubjectUserName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.SubjectUserSid',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.TargetDomainName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.TargetLogonId',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.TargetUserName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.TargetUserSid',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.TransmittedServices',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.EventData.WorkstationName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Channel',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Computer',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.EventID',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.EventRecordID',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Keywords',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Level',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Message',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Opcode',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.ProcessID',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.ProviderGuid',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.ProviderName',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.SeverityValue',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.SystemTime',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Task',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.ThreadID',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
+ },
+ {
+ name: 'data.EventChannel.System.Version',
+ type: 'string',
+ count: 0,
+ scripted: false,
+ searchable: true,
+ aggregatable: true,
+ readFromDocValues: true
 }
 ];
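Review bot: All 37 added entries use the same `type: 'string'`, `aggregatable: true`, `readFromDocValues: true` template, and for a few of them that looks unverified rather than chosen. `data.EventChannel.System.Message` is free text; if the index template (not visible in this diff) maps it as analyzed text, it has no doc values and the entry should presumably read `aggregatable: false, readFromDocValues: false`, otherwise aggregations on it will error. `data.EventChannel.EventData.IpAddress` and `data.EventChannel.System.SystemTime` declared as strings also rule out CIDR filters on logon source addresses and date-range queries on the event time, which analysts triaging logon events will want; consider `type: 'ip'` and `type: 'date'` if the template mapping agrees. A comment above the group such as `// Windows EventChannel logon fields; types must mirror the index template` would make the coupling explicit.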