sigma-rules/etc/non-ecs-schema.json at 30cded7a2db07bd0fb945c9d6aa68a7167c19f24 - sigma-rules - GreySec Git

security-tools/sigma-rules

Files

T

Justin Ibarra 97ee8cc9ac Refresh beats and ecs schemas and default to use latest to validate (#570 )

* Refresh beats and ecs schemas and default to use latest to validate
* remove incorrect ecs_version from zoom rule
* remove stale ecs_version from rules

2020-12-01 13:24:20 -09:00

14 lines

218 B

JSON

Raw Blame History

 {
   "endgame-*": {
     "endgame": {
       "metadata": {
         "type": "keyword"
       },
       "event_subtype_full": "keyword"
     }
   },
   "winlogbeat-*": {
     "winlog.event_data.OriginalFileName": "keyword"
   }
 }