mapping update, removed unused fields
This commit is contained in:
bar
@@ -21,8 +21,6 @@ fieldmappings:
|
||||
- user-account:x_security_id
|
||||
CallTrace:
|
||||
- x-windows:calltrace
|
||||
ChangedAttributes:
|
||||
- x-windows:changedattributes
|
||||
ClientIP:
|
||||
- ipv4-addr:value
|
||||
- ipv6-addr:value
|
||||
@@ -116,8 +114,6 @@ fieldmappings:
|
||||
- x-windows:objectname
|
||||
ObjectType:
|
||||
- x-windows:objecttype
|
||||
PSEncodedCommand:
|
||||
- x-windows:psencodedcommand
|
||||
ParentCommandLine:
|
||||
- process:parent_ref.command_line
|
||||
ParentImage:
|
||||
@@ -152,26 +148,19 @@ fieldmappings:
|
||||
- x-windows:queryresults
|
||||
QueryStatus:
|
||||
- x-windows:querystatus
|
||||
Realm:
|
||||
- x-windows:realm
|
||||
RecordNumber:
|
||||
- x-windows:recordnumber
|
||||
RegistryKey:
|
||||
- windows-registry-key:key
|
||||
RegistryValueData:
|
||||
- windows-registry-key:values[*].data
|
||||
RegistryValueName:
|
||||
- windows-registry-key:values[*].name
|
||||
RunLevel:
|
||||
- x-windows:runlevel
|
||||
SAMAccountName:
|
||||
- x-windows:samaccountname
|
||||
- user-account:account_login
|
||||
- user-account:display_name
|
||||
SHA1Hash:
|
||||
- file:hashes.SHA-1
|
||||
SHA256Hash:
|
||||
- file:hashes.SHA-256
|
||||
Scope:
|
||||
- x-windows:scope
|
||||
ServiceFileName:
|
||||
- process:extensions.windows-service-ext.service_dll_refs[*].name
|
||||
ServiceName:
|
||||
@@ -233,12 +222,6 @@ fieldmappings:
|
||||
- user-account:user_id
|
||||
UserDomain:
|
||||
- user-account:x_domain
|
||||
UserPrincipalName:
|
||||
- x-windows:userprincipalname
|
||||
UserRight:
|
||||
- x-windows:userright
|
||||
UserWorkstations:
|
||||
- x-windows:userworkstations
|
||||
event-id:
|
||||
- x-event:id
|
||||
eventId:
|
||||
|
||||
Reference in New Issue
Block a user