Josh Brower
7cbeed985a
Differentiate between event & ingest timestamp
2021-04-13 12:55:40 -04:00
Josh Brower
cf4de255ec
Fix Wazuh WEL Shipping
2021-04-12 15:18:18 -04:00
Wes Lambert
875908dc90
Set @timestamp to winlog.systemTime
2021-01-06 16:47:35 +00:00
OmerTirosh
e2ee0db727
Ignore failure for rename processor
Ignore failure for winlog.event_data.SubjectUserName rename processor.
For some event IDs (for example 4688), this field has already been added in the winlogbeat JS processor.
Therefore, Elastic throws a [user.name] already exists error.
2020-11-24 17:21:47 +02:00
Josh Brower
c3b2d98ffb
Add event.category to WEL
2020-09-10 06:15:30 -04:00
Josh Brower
b7dd14b8f0
Set event.code to string for WEL
2020-08-28 13:40:04 -04:00
Josh Brower
15efe77e06
Ingest Parsing Update for Sysmon/WEL
2020-08-06 13:11:47 -04:00
Josh Brower
d971d07720
Osquery & WLB Parsing Update for WEL & Sysmon
2020-07-31 16:06:15 -04:00
Josh Brower
55e60cb749
initial refactor - beats/sysmon parsing
2020-07-28 11:03:33 -04:00