Commit

Merge pull request #1406 from roysjosh/winlogbeat-mapping
Map CommandLine appropriately
Neo23x0 authored Apr 1, 2021
2 parents eb98f0b + 30ab2aa commit 2560f40
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions tools/config/winlogbeat-modules-enabled.yml
@@ -84,7 +84,7 @@ fieldmappings:
CallingProcessName: winlog.event_data.CallingProcessName
CallTrace: winlog.event_data.CallTrace
Channel: winlog.channel
CommandLine: process.args
CommandLine: process.command_line
ComputerName: winlog.ComputerName
CurrentDirectory: process.working_directory
Description: winlog.event_data.Description
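Review bot: the CommandLine mapping changes from process.args to process.command_line with no rationale in the file, and the commit message ("Map CommandLine appropriately") does not give one either. In ECS, process.args is an array of individual argument tokens, while process.command_line holds the full command line as one string, which is what a CommandLine pattern with wildcards spanning several arguments needs to match against. Please add a short YAML comment above the mapping saying so, so the next editor does not revert it. It is also worth stating which Winlogbeat module setup populates process.command_line, because a query against a field that is absent from the index returns no hits rather than an error, and detections would go quiet without anyone noticing.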
@@ -125,7 +125,7 @@ fieldmappings:
ObjectName: winlog.event_data.ObjectName
ObjectType: winlog.event_data.ObjectType
ObjectValueName: winlog.event_data.ObjectValueName
ParentCommandLine: process.parent.args
ParentCommandLine: process.parent.command_line
ParentProcessName: process.parent.name
ParentImage: process.parent.executable
Path: winlog.event_data.Path
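Review bot: the ParentCommandLine change to process.parent.command_line is applied only in tools/config/winlogbeat-modules-enabled.yml (one changed file in this commit), so any other Winlogbeat backend config in the repository that still maps CommandLine or ParentCommandLine to the args fields would now convert the same rule differently. Please check the sibling configs and either align them or note why they differ. Queries already generated with the old mapping will keep referencing process.parent.args, so a line in the changelog telling users to reconvert their rules would help.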
