A newer version is available. For the latest information, see the current release documentation.
« Security module fields Winlogbeat fields »
Elastic Docs Winlogbeat Reference [7.17] Exported fields

Sysmon module fields

edit

Sysmon module fields

edit

These are the event fields specific to the Sysmon module.

sysmon.dns.status

Windows status code returned for the DNS query.

type: keyword

sysmon.file.archived

Indicates if the deleted file was archived.

type: boolean

sysmon.file.is_executable

Indicates if the deleted file was an executable.

type: boolean

« Security module fields Winlogbeat fields »