I just completed upgrading my winlogbeat versions to 7.9.1. As part of this upgrade it now appears that my winlogbeat agent is no longer parsing this particular event type?
This event type is part a sysmon job that is tied to the Mitre Attack Framework and is part of our monitoring dashboard.
Any thoughts on how to get this back without reverting to a lower version?
Since v7.8.0 it's been using the ECS rule.name field for this data.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
