Remove category mapping for event 24

elastic · Apr 14, 2021 · 0796acb · 0796acb
1 parent 9452bca
commit 0796acb
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 4 deletions.
diff --git a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js
@@ -1641,7 +1641,6 @@ var sysmon = (function () {
         .Add(parseUtcTime)
         .AddFields({
             fields: {
-                category: ["file"],
                 type: ["change"],
             },
             target: "event",

diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-clipboardchange.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-clipboardchange.evtx.golden.json
@@ -2,9 +2,6 @@
   {
     "@timestamp": "2021-02-25T15:04:48.592Z",
     "event": {
-      "category": [
-        "file"
-      ],
       "code": 24,
       "kind": "event",
       "module": "sysmon",