New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added field winlog.event_data.EnabledPrivilegeList
to windows and system integration
#8230
Added field winlog.event_data.EnabledPrivilegeList
to windows and system integration
#8230
Conversation
1ec2fe7
to
f913d03
Compare
🌐 Coverage report
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
- windows integration, forward data stream - system integration, security data stream Closes elastic/kibana#169077
f913d03
to
ad80177
Compare
Package system - 1.46.0 containing this change is available at https://epr.elastic.co/search?package=system |
Package windows - 1.39.0 containing this change is available at https://epr.elastic.co/search?package=windows |
Proposed commit message
Added
winlog.event_data.EnabledPrivilegeList
field as type "keyword" in the following integrations:This is needed for rule verification in the "security_detection_engine" integration and the "SeDebugPrivilege Enabled by a Suspicious Process" rule.
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots