2 files changed +12 -0 lines changed
doc/endpoint/security/windows
src/endpoint/data_stream/security/windows
@@ -51,13 +51,19 @@ This event is generated when a user logs off of the computer.
5151| process.Ext.code_signature.status |
5252| process.Ext.code_signature.subject_name |
5353| process.Ext.code_signature.trusted |
54+ | process.Ext.protection |
5455| process.Ext.session_info.logon_type |
56+ | process.Ext.token.integrity_level_name |
5557| process.code_signature.exists |
5658| process.code_signature.status |
5759| process.code_signature.subject_name |
5860| process.code_signature.trusted |
61+ | process.command_line |
5962| process.entity_id |
6063| process.executable |
64+ | process.name |
65+ | process.parent.executable |
66+ | process.pid |
6167| user.domain |
6268| user.effective.domain |
6369| user.effective.email |
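Review bot: The new `process.command_line` row (+61) documents a field that can carry credentials or tokens passed as arguments, and the table gives the reader no hint of that. Consider adding a short note to this doc that command lines are now included for this event, so whoever stores these events can review retention and access. It would also help to say whether the six new process fields are populated for the logoff event named in the hunk header, or only for some events in this file.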
@@ -55,13 +55,19 @@ fields:
5555 - process.Ext.code_signature.status
5656 - process.Ext.code_signature.subject_name
5757 - process.Ext.code_signature.trusted
58+ - process.Ext.protection
5859 - process.Ext.session_info.logon_type
60+ - process.Ext.token.integrity_level_name
5961 - process.code_signature.exists
6062 - process.code_signature.status
6163 - process.code_signature.subject_name
6264 - process.code_signature.trusted
65+ - process.command_line
6366 - process.entity_id
6467 - process.executable
68+ - process.name
69+ - process.parent.executable
70+ - process.pid
6571 - user.domain
6672 - user.effective.domain
6773 - user.effective.email
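Review bot: `process.parent.executable` (+69) is the only parent field added, while the process itself is listed with `process.entity_id`, `process.pid` and `process.name`. A path alone does not identify which parent instance spawned the process, so if the sensor emits `process.parent.entity_id` for this event, adding it here would make lineage joins unambiguous. The six additions line up one for one with the doc table in the first hunk, which is worth keeping enforced by a check rather than by hand.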