Skip to content

[Windows] Sysmon Operational missing event.category and event.type #5976

Closed
#5980
elastic/beats
#35193
Closed
[Windows] Sysmon Operational missing event.category and event.type#5976
#5980
elastic/beats
#35193
Assignees
kcreddy
Labels
Integration:windowsWindowsbugSomething isn't working, use only for issues
@kcreddy

Description

@kcreddy
kcreddy
opened on Apr 24, 2023

Recently PR #5511 added support for Sysmon new New EventIDs - 8, 9, 19, 20, 27, 28, 255, but its missing values for event.category and event.type.

Also, the winlogbeat's sysmon pipeline also need similar changes: https://github.com/elastic/beats/blob/master/x-pack/winlogbeat/module/sysmon/ingest/sysmon.yml

Metadata

Metadata

Assignees

Labels

Integration:windowsWindowsbugSomething isn't working, use only for issues

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions