Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Winlogbeat] Non-namespaced fields in PowerShell modules fields.yml #18984

Closed
andrewkroh opened this issue Jun 4, 2020 · 1 comment · Fixed by #19003
Closed

[Winlogbeat] Non-namespaced fields in PowerShell modules fields.yml #18984

andrewkroh opened this issue Jun 4, 2020 · 1 comment · Fixed by #19003
Assignees
@marc-gr
Labels
bug Winlogbeat

Comments

@andrewkroh
Copy link
Member

The PowerShell module's fields.yml is including some fields that are not namespaced under powershell.*. I think this is just a mistake in the fields.yml and not a problem with the actual data being produced by the module.

Looking at winlogbeat export template:

          "winlog.user.type",
          "id",                   <----
          "pipeline_id",          <----
          "runspace_id",          <----
          "powershell.command.path",
          "powershell.command.name",
          "powershell.command.type",
          "powershell.command.value",
          "powershell.command.invocation_details.type",
          "powershell.command.invocation_details.related_command",
          "powershell.command.invocation_details.name",
          "powershell.command.invocation_details.value",
          "powershell.connected_user.domain",
          "powershell.connected_user.name",
          "powershell.engine.version",
          "powershell.engine.previous_state",
          "powershell.engine.new_state",
          "powershell.file.script_block_id",
          "powershell.file.script_block_text",
          "powershell.process.executable_version",
          "powershell.provider.new_state",
          "powershell.provider.name",
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jun 4, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jun 4, 2020
marc-gr added a commit to marc-gr/beats that referenced this issue Jun 5, 2020
@marc-gr
Winlogbeat: fix powershell unprefixed fields in fields.yml
50fae6d 
Closes elastic#18984
@marc-gr marc-gr mentioned this issue Jun 5, 2020
Merged
2 tasks
marc-gr added a commit that referenced this issue Jun 5, 2020
@marc-gr
Winlogbeat: fix powershell unprefixed fields in fields.yml (#19003)
498c7ce 
Closes #18984
marc-gr added a commit to marc-gr/beats that referenced this issue Jun 5, 2020
@marc-gr
Winlogbeat: fix powershell unprefixed fields in fields.yml (elastic#1…
87bc0e1 
…9003)

Closes elastic#18984

(cherry picked from commit 498c7ce)
@marc-gr marc-gr mentioned this issue Jun 5, 2020
Closed
2 tasks
marc-gr added a commit to marc-gr/beats that referenced this issue Jun 5, 2020
@marc-gr
Winlogbeat: fix powershell unprefixed fields in fields.yml (elastic#1…
0108734 
…9003)

Closes elastic#18984

(cherry picked from commit 498c7ce)
@marc-gr marc-gr mentioned this issue Jun 5, 2020
Merged
2 tasks
marc-gr added a commit that referenced this issue Jun 5, 2020
@marc-gr
Winlogbeat: fix powershell unprefixed fields in fields.yml (#19003) (#…
da19adc 
…19009)

Closes #18984

(cherry picked from commit 498c7ce)
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this issue Oct 14, 2020
@marc-gr @melchiormoulin
Winlogbeat: fix powershell unprefixed fields in fields.yml (elastic#1…
e746e89 
…9003)

Closes elastic#18984
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marc-gr marc-gr

Labels
bug Winlogbeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Winlogbeat] Fix powershell unprefixed fields in fields.yml marc-gr/beats
3 participants
@andrewkroh @marc-gr @elasticmachine