You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
windows.powershell.operational log source properly populates winlog.process.pid that pid IS the powershell process pid, so promote it to the ecs process.pid field like how we do for sysmon and windows defender.
windows.powershell.operationallog source properly populateswinlog.process.pidthat pid IS the powershell process pid, so promote it to the ecsprocess.pidfield like how we do for sysmon and windows defender.https://github.com/elastic/integrations/blob/451750a1a9e8ad115f99013c83bebfd04124ec12/packages/windows/data_stream/sysmon_operational/elasticsearch/ingest_pipeline/default.yml#L345-L351
https://github.com/elastic/integrations/blob/a74f0bf780d1d4a39986bca9bf2f1de1ba04e4ec/packages/windows/data_stream/windows_defender/elasticsearch/ingest_pipeline/default.yml#L160-L164