This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Security module fields Winlogbeat fields »
Elastic Docs Winlogbeat Reference [master] Exported fields

Sysmon module fields

Sysmon module fields

These are the event fields specific to the Sysmon module.

sysmon.dns.status

Windows status code returned for the DNS query.

type: keyword

sysmon.file.archived

Indicates if the deleted file was archived.

type: boolean

sysmon.file.is_executable

Indicates if the deleted file was an executable.

type: boolean

« Security module fields Winlogbeat fields »