Event ID: 9 - RawAccessRead

Native field name	OSSEM Field Name
RuleName	tag
UtcTime	event_date_creation
ProcessGuid	process_guid
ProcessId	process_id
Image	process_path
Device	target_device

Logstash pipeline

if [event_id] == 9 {
      mutate {
        rename => {
            "RuleName" => "tag"
            "UtcTime" => "event_date_creation"
            "ProcessGuid" => "process_guid"
            "ProcessId" => "process_id"
            "Image" => "process_path"
            "Device" => "target_device"
        }
      }
    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

EventId-9.md

EventId-9.md

Event ID: 9 - RawAccessRead

Logstash pipeline

Files

EventId-9.md

Latest commit

History

EventId-9.md

File metadata and controls

Event ID: 9 - RawAccessRead

Logstash pipeline