Description
The sysmon operational handlebar template is invalid, if a user try to add a processors he get the following error:
This seems to happens since translate_sid has been added to the template
processors:
- translate_sid:
field: winlog.event_data.MemberSid
account_name_target: winlog.event_data._MemberUserName
domain_target: winlog.event_data._MemberDomain
account_type_target: winlog.event_data._MemberAccountType
ignore_missing: true
ignore_failure: true
The issues seems to happen for the windows.powershell_operational too.
Description
The sysmon operational handlebar template is invalid, if a user try to add a processors he get the following error:
This seems to happens since
translate_sidhas been added to the templateThe issues seems to happen for the
windows.powershell_operationaltoo.