Winlogbeat Sysmon Registry events missing event.category

Hello,

My Sysmon registry events (Registry object added or deleted (rule: RegistryEvent)) seem to be missing an event.category field. (7.8)

What event.category should be given to these Sysmon events?


Grtz

Willem

Hello @willemdh ! Indeed it seems we lack a category value for registry related events. I opened an issue here to keep track of how we can improve this.

Thanks for bringing this up!
