Add registered_domain

elastic · Aug 26, 2019 · d5c8cf1 · d5c8cf1
1 parent b448de3
commit d5c8cf1
Show file tree

Hide file tree

Showing 2 changed files with 314 additions and 154 deletions.
diff --git a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js
@@ -791,6 +791,12 @@ var sysmon = (function () {
             ignore_missing: true,
             fail_on_error: false,
         })
+        .RegisteredDomain({
+            ignore_failure: true,
+            ignore_missing: true,
+            field: "dns.question.name",
+            target_field: "dns.question.registered_domain",
+        })
         .Add(translateDnsQueryStatus)
         .Add(splitDnsQueryResults)
         .Add(setProcessNameUsingExe)