Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Windows] Sysmon Operational missing event.category and event.type #5976

Closed
kcreddy opened this issue Apr 24, 2023 · 1 comment · Fixed by #5980 or elastic/beats#35193
Closed

[Windows] Sysmon Operational missing event.category and event.type #5976

kcreddy opened this issue Apr 24, 2023 · 1 comment · Fixed by #5980 or elastic/beats#35193
Assignees
@kcreddy
Labels
bug Something isn't working, use only for issues Integration:windows Windows

Comments

@kcreddy
Copy link
Contributor

kcreddy commented Apr 24, 2023

Recently PR #5511 added support for Sysmon new New EventIDs - 8, 9, 19, 20, 27, 28, 255, but its missing values for event.category and event.type.

Also, the winlogbeat's sysmon pipeline also need similar changes: https://github.com/elastic/beats/blob/master/x-pack/winlogbeat/module/sysmon/ingest/sysmon.yml
@kcreddy kcreddy added bug Something isn't working, use only for issues Team:Security-External Integrations Integration:windows Windows labels Apr 24, 2023
@kcreddy kcreddy self-assigned this Apr 24, 2023
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

This was referenced Apr 24, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kcreddy kcreddy

Labels
bug Something isn't working, use only for issues Integration:windows Windows
Projects
None yet
Milestone
No milestone
2 participants
@kcreddy @elasticmachine