Describe the enhancement: Event IDs 4797, 5379, 5381, and 5382 are not currently parsed in the Winlogbeat 8.x Ingest Pipelines.
Describe a specific use case for the enhancement or feature: These are common Event IDs in our environment, so ensuring proper parsing will help with identifying events based on the event.action field.