[Filebeat] Upgrade system module to ECS 1.4 #16031
Assignees
Labels
Comments
|
Pinging @elastic/siem (Team:SIEM) |
leehinman
changed the title
leehinman
added a commit
to leehinman/beats
that referenced
this issue
Apr 28, 2020
- auth + event.kind + event.category (make array) + event.type (make array) + capture useradd, usermod, userdel + capture groupadd, groupmod, groupdel + related.ip + related.user - syslog + event.kind Closes elastic#16031
3 tasks
leehinman
added a commit
to leehinman/beats
that referenced
this issue
May 4, 2020
…elastic#18065) * Improve ECS categorization field mappings in system module - auth + event.kind + event.category (make array) + event.type (make array) + capture useradd, usermod, userdel + capture groupadd, groupmod, groupdel + related.ip + related.user - syslog + event.kind Closes elastic#16031 (cherry picked from commit c885b57)
3 tasks
leehinman
added a commit
that referenced
this issue
May 4, 2020
…#18065) (#18177) * Improve ECS categorization field mappings in system module - auth + event.kind + event.category (make array) + event.type (make array) + capture useradd, usermod, userdel + capture groupadd, groupmod, groupdel + related.ip + related.user - syslog + event.kind Closes #16031 (cherry picked from commit c885b57)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Filesets
add system.auth.sudo.user to related.user
The text was updated successfully, but these errors were encountered: