Commit fff7cdf

Resolved log pipeline failures
1 parent 42e9025 commit fff7cdf

2 files changed

+292
-120
lines changed

microsoft_sysmon/assets/logs/microsoft-sysmon.yaml

+85-15
Original file line number | Diff line number | Diff line change
@@ -3,9 +3,49 @@ metric_id: microsoft-sysmon
33
backend_only: false
44
facets:
55
- groups:
6-
- User
7-
name: User Name
8-
path: usr.name
6+
- DNS
7+
name: Answer Name
8+
path: dns.answer.name
9+
source: log
10+
- groups:
11+
- DNS
12+
name: Question Name
13+
path: dns.question.name
14+
source: log
15+
- groups:
16+
- Geoip
17+
name: City Name
18+
path: network.client.geoip.city.name
19+
source: log
20+
- groups:
21+
- Geoip
22+
name: Continent Code
23+
path: network.client.geoip.continent.code
24+
source: log
25+
- groups:
26+
- Geoip
27+
name: Continent Name
28+
path: network.client.geoip.continent.name
29+
source: log
30+
- groups:
31+
- Geoip
32+
name: Country ISO Code
33+
path: network.client.geoip.country.iso_code
34+
source: log
35+
- groups:
36+
- Geoip
37+
name: Country Name
38+
path: network.client.geoip.country.name
39+
source: log
40+
- groups:
41+
- Geoip
42+
name: Subdivision ISO Code
43+
path: network.client.geoip.subdivision.iso_code
44+
source: log
45+
- groups:
46+
- Geoip
47+
name: Subdivision Name
48+
path: network.client.geoip.subdivision.name
949
source: log
1050
- groups:
1151
- Web Access
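Review bot: the commit message "Resolved log pipeline failures" does not say which check failed, and nothing in this hunk explains the reorder; from the visible lines the facets are being re-sorted alphabetically by `path` (dns.answer.name, dns.question.name, network.client.geoip.city.name, ..., network.client.geoip.subdivision.name, then network.client.*) while the eight `network.client.geoip.*` facets are added, so the message or PR description should state that an ordering check was the failure, if that is the case, so the next contributor knows the order is enforced. The new Geoip facets only populate if the pipeline defined under `pipeline:` runs a geo-IP lookup on `network.client.ip`; confirm that processor exists rather than shipping facets that stay empty.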
@@ -14,28 +54,58 @@ facets:
1454
source: log
1555
- groups:
1656
- Web Access
17-
name: Destination IP
18-
path: network.destination.ip
57+
name: Client Port
58+
path: network.client.port
59+
source: log
60+
- groups:
61+
- Geoip
62+
name: Destination City Name
63+
path: network.destination.geoip.city.name
64+
source: log
65+
- groups:
66+
- Geoip
67+
name: Destination Continent Code
68+
path: network.destination.geoip.continent.code
69+
source: log
70+
- groups:
71+
- Geoip
72+
name: Destination Continent Name
73+
path: network.destination.geoip.continent.name
74+
source: log
75+
- groups:
76+
- Geoip
77+
name: Destination Country ISO Code
78+
path: network.destination.geoip.country.iso_code
79+
source: log
80+
- groups:
81+
- Geoip
82+
name: Destination Country Name
83+
path: network.destination.geoip.country.name
84+
source: log
85+
- groups:
86+
- Geoip
87+
name: Destination Subdivision ISO Code
88+
path: network.destination.geoip.subdivision.iso_code
89+
source: log
90+
- groups:
91+
- Geoip
92+
name: Destination Subdivision Name
93+
path: network.destination.geoip.subdivision.name
1994
source: log
2095
- groups:
2196
- Web Access
22-
name: Client Port
23-
path: network.client.port
97+
name: Destination IP
98+
path: network.destination.ip
2499
source: log
25100
- groups:
26101
- Web Access
27102
name: Destination Port
28103
path: network.destination.port
29104
source: log
30105
- groups:
31-
- DNS
32-
name: Question Name
33-
path: dns.question.name
34-
source: log
35-
- groups:
36-
- DNS
37-
name: Answer Name
38-
path: dns.answer.name
106+
- User
107+
name: User Name
108+
path: usr.name
39109
source: log
40110
pipeline:
41111
type: pipeline
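Review bot: the removed DNS entries and the moved "Destination IP" and "User Name" entries are pure relocations (identical `name`, `path` and `source` on both sides), so the only behavioural change in this hunk is the eight new `network.destination.geoip.*` facets; that is easy to miss in a diff of this size, so a one-line note that facets are now ordered by `path` would help reviewers of later changes. As with the client-side set, these facets depend on a geo-IP lookup on `network.destination.ip` in the pipeline section that begins at the bottom of this hunk; confirm it is present and mirrors the client-side lookup so both Geoip groups are populated.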
