security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1406 from roysjosh/winlogbeat-mapping

Browse Source 
Map CommandLine appropriately
This commit is contained in:
Florian Roth
2021-04-01 09:16:28 +02:00
committed by GitHub
parent eb98f0ba28 30ab2aad75
commit 2560f40e06
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/config/winlogbeat-modules-enabled.yml
+2 -2
View File
@@ -84,7 +84,7 @@ fieldmappings:
CallingProcessName: winlog.event_data.CallingProcessName
CallTrace: winlog.event_data.CallTrace
Channel: winlog.channel
CommandLine: process.args
CommandLine: process.command_line
ComputerName: winlog.ComputerName
CurrentDirectory: process.working_directory
Description: winlog.event_data.Description
@@ -125,7 +125,7 @@ fieldmappings:
ObjectName: winlog.event_data.ObjectName
ObjectType: winlog.event_data.ObjectType
ObjectValueName: winlog.event_data.ObjectValueName
ParentCommandLine: process.parent.args
ParentCommandLine: process.parent.command_line
ParentProcessName: process.parent.name
ParentImage: process.parent.executable
Path: winlog.event_data.Path