Merge pull request #10986 from Security-Onion-Solutions/fix/windows_event_table

Fix/windows event table
bryant-treacle
2023-08-08 16:23:14 -04:00
committed by GitHub


@@ -69,7 +69,7 @@ soc:
- log.id.uid - log.id.uid
- network.community_id - network.community_id
- event.dataset - event.dataset
':kratos:kratos.audit': ':kratos:audit':
- soc_timestamp - soc_timestamp
- http_request.headers.x-real-ip - http_request.headers.x-real-ip
- identity_id - identity_id
@@ -570,14 +570,13 @@ soc:
- destination.geo.country_iso_code - destination.geo.country_iso_code
- user.name - user.name
- source.ip - source.ip
':windows.sysmon_operational:': '::sysmon_operational':
- soc_timestamp - soc_timestamp
- event.action - event.action
- process.executable - winlog.computer_name
- user.name - user.name
- file.target - process.executable
- dns.question.name - process.pid
- winlog.event_data.TargetObject
'::network_connection': '::network_connection':
- soc_timestamp - soc_timestamp
- source.ip - source.ip
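Review bot: The new `'::sysmon_operational'` field list drops `file.target`, `dns.question.name` and `winlog.event_data.TargetObject`, so file, DNS and registry details for sysmon events are no longer surfaced by this general table; the hunk shows a `'::network_connection'` entry directly below it but no dataset-specific entries for those event types, so an analyst triaging registry or DNS sysmon events may lose those columns unless such entries exist elsewhere in the file. The key convention is also undocumented inline: the change moves the sysmon identifier from the first slot (`':windows.sysmon_operational:'`) to the second (`'::sysmon_operational'`), matching the neighbouring `'::network_connection'` key, and a comment above the block such as `# keys are ':<module>:<dataset>'; an empty segment matches any value -- TODO confirm against the matcher` would make the intended slot clear to the next editor. Whether overlapping keys such as `'::sysmon_operational'` and `'::network_connection'` are both applied or only the first match wins is not visible from this hunk and would be worth stating in the same comment.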