Skip to content

Commit

Permalink
more fields for cisagov#525, adding normalization for evtx
Browse files Browse the repository at this point in the history
  • Loading branch information
mmguero committed Dec 12, 2024
1 parent 6694aa2 commit d872f15
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions dashboards/templates/composable/component/evtx.json
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@
"EventData.DnsHostName": { "type": "keyword" },
"EventData.DSName": { "type": "keyword" },
"EventData.DSType": { "type": "keyword" },
"EventData.EffectiveConsentValue": { "type": "keyword" },
"EventData.ElevatedToken": { "type": "keyword" },
"EventData.EnabledPrivilegeList": { "type": "keyword" },
"EventData.Endpoint": { "type": "keyword" },
Expand Down Expand Up @@ -176,6 +177,7 @@
"EventData.NewTargetUserName": { "type": "keyword" },
"EventData.NewThreadId": { "type": "keyword" },
"EventData.NewUacValue": { "type": "keyword" },
"EventData.NotificationType": { "type": "keyword" },
"EventData.NumberOfParameters": { "type": "integer" },
"EventData.ObjectClass": { "type": "keyword" },
"EventData.ObjectDN": { "type": "keyword" },
Expand Down Expand Up @@ -249,6 +251,7 @@
"EventData.RemoteMachineID": { "type": "keyword" },
"EventData.RemoteUserID": { "type": "keyword" },
"EventData.ResourceManager": { "type": "keyword" },
"EventData.Result": { "type": "keyword" },
"EventData.ReturnCode": { "type": "keyword" },
"EventData.RuleName": { "type": "keyword" },
"EventData.SamAccountName": { "type": "keyword" },
Expand Down

0 comments on commit d872f15

Please sign in to comment.