Hello everyone!
I'm having trouble getting some of the fields. (Using Winlogbeat)
For example: when I send Windows Defender logs, I can't see fields such as "winlog.event_data.ActionType", "winlog.event_data.MalwareName", etc.
Also, I can't find the fields that are required in the detection rules.
Do I need to parse the log and add these fields manually in the configurations, or is there any way to do this automatically?