Merge pull request #13409 from Security-Onion-Solutions/fix/elastic_fleet_defender

Fix defender winlog name change
2025-12-06 09:12:45 +01:00 · 2024-07-30 15:47:45 -04:00
parent 2b90bdc86a 3fa6c72620
commit bd223d8643
1 changed files with 2 additions and 2 deletions
--- a/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
+++ b/salt/elasticfleet/files/integrations/endpoints-initial/windows-defender.json
@@ -11,11 +11,11 @@
    "winlogs-winlog": {
      "enabled": true,
      "streams": {
-        "winlog.winlog": {
+        "winlog.winlogs": {
          "enabled": true,
          "vars": {
            "channel": "Microsoft-Windows-Windows Defender/Operational",
-            "data_stream.dataset": "winlog.winlogs",
+            "data_stream.dataset": "winlog.winlog",
            "preserve_original_event": false,
            "providers": [],
            "ignore_older": "72h",