security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2211 from nasbench/master

Browse Source 
Update winlogbeat-modules-enabled.yml
This commit is contained in:
frack113
2021-10-29 12:25:30 +02:00
committed by GitHub
parent e34ac47b03 1015d3fe68
commit a936f1afb7
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tools/config/winlogbeat-modules-enabled.yml
+8 -5
View File
@@ -155,22 +155,25 @@ fieldmappings:
Image: process.executable
FileVersion:
category=process_creation: process.pe.file_version
category=image_load: process.pe.file_version
category=image_load: file.pe.file_version
default: winlog.event_data.FileVersion
Description:
category=process_creation: process.pe.description
category=image_load: process.pe.description
category=image_load: file.pe.description
category=sysmon_error: winlog.event_data.Description
default: winlog.event_data.Description
Product:
category=process_creation: process.pe.product
category=image_load: process.pe.product
category=image_load: file.pe.product
default: winlog.event_data.Product
Company:
category=process_creation: process.pe.company
category=image_load: process.pe.company
category=image_load: file.pe.company
default: winlog.event_data.Company
OriginalFileName: process.pe.original_file_name
OriginalFileName:
category=process_creation: process.pe.original_file_name
category=image_load: file.pe.original_file_name
default: winlog.event_data.OriginalFileName
CommandLine:
category=process_creation: process.command_line
service=security: process.command_line