From d4e193df3be412c0c39d7558f5e0ca7418ad25f7 Mon Sep 17 00:00:00 2001 From: Lee Hinman <57081003+leehinman@users.noreply.github.com> Date: Mon, 25 Jan 2021 16:02:40 -0600 Subject: [PATCH] Remove 4912 evtx from testing (#23669) - causing failures on Win 7,8, 2008R2 & 2012R2 --- .../test/testdata/4912_WindowsSrv2016.evtx | Bin 69632 -> 0 bytes .../4912_WindowsSrv2016.evtx.golden.json | 70 ------------------ 2 files changed, 70 deletions(-) delete mode 100644 x-pack/winlogbeat/module/security/test/testdata/4912_WindowsSrv2016.evtx delete mode 100644 x-pack/winlogbeat/module/security/test/testdata/4912_WindowsSrv2016.evtx.golden.json 
diff --git a/x-pack/winlogbeat/module/security/test/testdata/4912_WindowsSrv2016.evtx b/x-pack/winlogbeat/module/security/test/testdata/4912_WindowsSrv2016.evtx deleted file mode 100644 index 15a93a947a21e60b5c5de31a57cd5c14625ff795..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 69632 zcmeI1X>3$g6vxk-c{99DXX((?1w{d=QnaN7i(ql7v{jVCXe(kYN~JB7PG@QtC^j0R z7!$YP8WQ|KOpL)T8e<^DsF9fP!Qd7l7-M2$;zCRmF&H%&|L4B zIrrXkf9KqDZ>P=ao|fKpw-l#y(-QrS$4&P{#-f># z16IPaBx?Pz?6MF29-4ow;fmYtt4lhcM_#LX9V=0(#-!{(Ru`ygPc$UWvO&5fBf}^^ ziYL6@YkV&el2PfGG#ZD{5VGoJ9mIxZK(3ZK_zcM!)O16p6Zsmvdr>neS(LKU1IZec zv#6gV8_|}*d#=>tb0u=MvH;)R$EP1ECmv*6-cjQ~Mol&XtzEn#7egZK$LgM?VYwaa)tS9DN2NSy$CEPM zmdOx>Tbc)6jKj=bp(7RINK(oqfmX*njzo+cx|r00lD1>na#e7;*45XRyKU1pKYHZg zKWW6wg;QI)uNx5=GVcRc6z2XuDiZtNi>|HEyD*qlgN+8UF06YaRIi?}#%lP-2-}^6<~CyAB`uC55e{ zQm|kXvU=ufYI;cB%Maa6#??DfuTilXZ#{$6%O1hYnp^8EvD z|9M{jQ)s;u{nz5jz=>4rpc|m-yq=fjXO6*VJK=0=vEGTRwcXXKrb=#VzF!0z#f@k> z&!7nuI#bBi@q{zEWOZ-o)++25cKe-zYjHpSSPH}to0MyVr)70s%gN(BF9kjI1X=@K z{b-=89)i{mX14`*2pk;cG6h=%HFzpaIf^_EMYDZ0k5fTYr~+Tl?s|K)WB%BVxxv~e zj$)5Ag0~*{89aI@51Q2~AwNPq(27WdbgEG*;gSn*DYy!;Me}ts51%@eZ+>Qf^v&Kw z$@jlZrP@=qwXWoqQV(e)y$8v>LqmN#XMEUEHFw4Cna_^?{RirFuYl1{$fjV)0!D@B zlYdmYmj*uo>jqM1-;U1b;||ID~Z+g|H56`vDlzb=2h; z*S*md8dRm)aBa8;?@=5Kdc*63Lk*&)$(Vn@9Fd!#MI{*JZ)qx-1&2!MD5#$YBdUHQ zs9k0x+zXTI`tFfkgBkSr6q$y&EZ5_KcB>J*%sm+ItEXw5$V0DAuQ)d09(^kQI2pWla~`>H;NL(zMEEf5tmL`s?jq_RLuF%HhN(ZeM2QTZ(DWO*WdiL_1v=?ZH~DG zstMKfE^s}`qt@!wgS-0UMr+ahU6*WIxoGRrcRru-$`_xa+S^}yk=6ZG5S#Pb4`bXx zjGRBB{`d|^F(rxY@6#)cO zTmM^bcFru=RxSR2?ix(ZL;@s00wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZr zKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{ z0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2J zBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZr zKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{ z0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2J 
zBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZrKmsH{0wh2JBtQZr uKmsH{0wh2Jrzg-WS;q^BKV2OF diff --git a/x-pack/winlogbeat/module/security/test/testdata/4912_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4912_WindowsSrv2016.evtx.golden.json deleted file mode 100644 index 5e9a933c7bb8..000000000000 --- a/x-pack/winlogbeat/module/security/test/testdata/4912_WindowsSrv2016.evtx.golden.json +++ /dev/null 
@@ -1,70 +0,0 @@
-[
- {
- "@timestamp": "2020-08-18T14:36:41.2936839Z",
- "event": {
- "action": "per-user-audit-policy-changed",
- "category": [
- "iam",
- "configuration"
- ],
- "code": 4912,
- "kind": "event",
- "module": "security",
- "outcome": "success",
- "provider": "Microsoft-Windows-Security-Auditing",
- "type": [
- "admin",
- "change"
- ]
- },
- "host": {
- "name": "WIN-BVM4LI1L1Q6.TEST.local"
- },
- "log": {
- "level": "information"
- },
- "related": {
- "user": "Administrator"
- },
- "user": {
- "domain": "TEST",
- "id": "S-1-5-21-2024912787-2692429404-2351956786-500",
- "name": "Administrator"
- },
- "winlog": {
- "activity_id": "{65461d39-753f-0000-731d-46653f75d601}",
- "api": "wineventlog",
- "channel": "Security",
- "computer_name": "WIN-BVM4LI1L1Q6.TEST.local",
- "event_data": {
- "AuditPolicyChanges": "%%8452",
- "CategoryId": "%%8276",
- "SubcategoryGuid": "{0cce924a-69ae-11d9-bed3-505054503030}",
- "SubcategoryId": "%%13317",
- "SubjectDomainName": "TEST",
- "SubjectLogonId": "0x44d7d",
- "SubjectUserName": "Administrator",
- "SubjectUserSid": "S-1-5-21-2024912787-2692429404-2351956786-500",
- "TargetUserSid": "S-1-5-21-2024912787-2692429404-2351956786-500"
- },
- "event_id": 4912,
- "keywords": [
- "Audit Success"
- ],
- "logon": {
- "id": "0x44d7d"
- },
- "opcode": "Info",
- "process": {
- "pid": 780,
- "thread": {
- "id": 3300
- }
- },
- "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}",
- "provider_name": "Microsoft-Windows-Security-Auditing",
- "record_id": 123917,
- "task": "Audit Policy Change"
- }
- }
-]
\ No newline at end of file