Hi All,
I was looking at some Winlogbeat events, and I noticed that it doesn't seem to be properly handling CN's with comma(s) in them.
Example (backslashes present to show escapes):
Have a user like so: Admin\\, user
For the related.users field I would expect to see:
"related": {
"user": [
"Admin\\, user"
]
}
Instead what I see is:
"related": {
"user": [
"user",
"Admin\\"
]
}
I'm using Winlogbeat 7.10.0 currently, but didn't see any patch notes from the later releases regarding this.