Extend user.name mapping to Windows Integration Package

[ChriZzn]

Proposed commit message

Adding EventID 4662 and 5136, to use the 'winlog.event_data.SubjectUserName' as user.name and related.user

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-11-02T21:57:10.916+0000

• Duration: 20 min 22 sec

Test stats 🧪

Test	Results
Failed	0
Passed	305
Skipped	0
Total	305

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[leehinman]

you will need to update the version number in packages/windows/manifest.yml as well.

[ChriZzn]

Any Updates on this?

[efd6]

Sorry this was dropped. Please fix the conflict in the system changelog.

[ChriZzn]

Hello, should be resolved now, Regards

[efd6]

/test

[efd6]

Are you able to provide test cases for this? If not, let me know and I will construct ones from the MS docs (here and here, but real cases would be better).

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (11/11)	💚
Files	93.75% (15/16)	👎 -6.25
Classes	93.75% (15/16)	👎 -6.25
Methods	78.302% (166/212)	👎 -19.067
Lines	93.783% (8855/9442)	👎 -1.644
Conditionals	100.0% (0/0)	💚

[ChriZzn]

Are you able to provide test cases for this? If not, let me know and I will construct ones from the MS docs (here and here, but real cases would be better).

Hi, im sorry i cant provide you test data, because they are from active environments...

[efd6]

Please apply the this patch file and then resolve the conflicts, 0001-add-tests.patch.

[cla-checker-service]

💚 CLA has been signed

[ChriZzn]

Hi i applied the patch and resolved the conflicts....

[efd6]

The author you've used to apply the patch is making the CLA checker unhappy. Would you please sign the CLA with that name/email address as well?

[ChriZzn]

The author you've used to apply the patch is making the CLA checker unhappy. Would you please sign the CLA with that name/email address as well?

Hi, should be signed now with username 'cw', Regards

[efd6]

It will need to match exactly, including the email address.

[ChriZzn]

so

It will need to match exactly, including the email address.

Resigned the CLA, please DM me the email/username combo if there are still Problems

[efd6]

/test

[leehinman]

LGTM

[elasticmachine]

Package system - 1.48.0 containing this change is available at https://epr.elastic.co/search?package=system

[elasticmachine]

Package windows - 1.42.0 containing this change is available at https://epr.elastic.co/search?package=windows