From f4da0c5540ade015d565ff7db52b428a062854cb Mon Sep 17 00:00:00 2001
From: Thomas Patzke <thomas@patzke.org>
Date: Wed, 19 Jun 2019 23:35:50 +0200
Subject: [PATCH] Added field SecurityID to Winlogbeat config

---
 tools/config/elk-winlogbeat.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/config/elk-winlogbeat.yml b/tools/config/elk-winlogbeat.yml
index 34417ce68..c745fbca1 100644
--- a/tools/config/elk-winlogbeat.yml
+++ b/tools/config/elk-winlogbeat.yml
@@ -94,6 +94,7 @@ fieldmappings:
     ProcessCommandLine: event_data.ProcessCommandLine
     ProcessName: event_data.ProcessName
     Properties: event_data.Properties
+    SecurityID: event_data.SecurityID
     ServiceFileName: event_data.ServiceFileName
     ServiceName: event_data.ServiceName
     ShareName: event_data.ShareName