Event ID: 5 - Process Terminated

Native field name	OSSEM Field Name
RuleName	tag
UtcTime	event_date_creation
ProcessGuid	process_guid
ProcessId	process_id
Image	process_path

Logstash pipeline

if [event_id] == 5 {
      mutate {
        rename => {
          "RuleName" => "tag"
          "UtcTime" => "event_date_creation"
          "ProcessGuid" => "process_guid"
          "ProcessId" => "process_id"
          "Image" => "process_path"
        }
      }
    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

EventId-5.md

EventId-5.md

Event ID: 5 - Process Terminated

Logstash pipeline

Files

EventId-5.md

Latest commit

History

EventId-5.md

File metadata and controls

Event ID: 5 - Process Terminated

Logstash pipeline