From 5c9ca35bb6be0eb9bbc00d7a56ffdad4ebaf80a9 Mon Sep 17 00:00:00 2001
From: frack113
Date: Wed, 7 Jul 2021 09:10:50 +0200
Subject: [PATCH] Add the last missing
---
 tools/config/winlogbeat-modules-enabled.yml | 11 ++++-------
 tools/config/winlogbeat.yml | 11 ++++-------
 2 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml
index 68f3d98cc..d341f011d 100644
--- a/tools/config/winlogbeat-modules-enabled.yml
+++ b/tools/config/winlogbeat-modules-enabled.yml
@@ -263,10 +263,7 @@ fieldmappings:
 SubjectLogonId: winlog.event_data.SubjectLogonId
 TargetFileName: file.path
 TargetProcessAddress: winlog.event_data.TargetProcessAddress
- # SourceNetworkAddress
- # SourceUserName
- # SourceWorkstation
- # TargetLogonId
- # TaskName
- # UserName
- # Workstation
\ No newline at end of file
+ TargetLogonId: winlog.event_data.TargetLogonId
+ TaskName: winlog.event_data.TaskName
+ UserName: winlog.event_data.UserName # smbclient-security eventid:31017
+ Workstation : winlog.event_data.Workstation
\ No newline at end of file
diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml
index 37059aad7..50a5d5e10 100644
--- a/tools/config/winlogbeat.yml
+++ b/tools/config/winlogbeat.yml
@@ -242,10 +242,7 @@ fieldmappings:
 SubjectLogonId: winlog.event_data.SubjectLogonId
 TargetFileName: winlog.event_data.TargetFilename
 TargetProcessAddress: winlog.event_data.TargetProcessAddress
- # SourceNetworkAddress
- # SourceUserName
- # SourceWorkstation
- # TargetLogonId
- # TaskName
- # UserName
- # Workstation
\ No newline at end of file
+ TargetLogonId: winlog.event_data.TargetLogonId
+ TaskName: winlog.event_data.TaskName
+ UserName: winlog.event_data.UserName # smbclient-security eventid:31017
+ Workstation : winlog.event_data.Workstation
\ No newline at end of file
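Review bot: The four entries added to winlogbeat-modules-enabled.yml map to raw `winlog.event_data.*` names, although the context line `TargetFileName: file.path` shows that this variant uses an ECS name where a Winlogbeat module relocates a field; if a module renames any of TargetLogonId, TaskName, UserName or Workstation, converted rules would presumably query a field that is never populated and match nothing, so each mapping is worth confirming against an ingested event. Both hunks also delete the `# SourceNetworkAddress`, `# SourceUserName` and `# SourceWorkstation` placeholders without adding mappings for them here; they may already be mapped above the hunk, which is outside this view, but if not, the only reminder of that gap is lost. In both files `Workstation : winlog.event_data.Workstation` has a space before the colon that no other key has; `Workstation: winlog.event_data.Workstation` keeps the block consistent and lint-clean. Only `UserName` records the channel and event ID it was taken from, and a similar trailing comment on the other three new keys would let maintainers validate them later.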