You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sysmon v10.0 added OriginalFileName to process create and load image events. And ECS 1.5 added pe.original_file_name. Winlogbeat's Sysmon module should be updated to populate this field.
Sysmon v10.0 added
OriginalFileNameto process create and load image events. And ECS 1.5 addedpe.original_file_name. Winlogbeat's Sysmon module should be updated to populate this field.