Winlogbeat Sysmon Registry events missing event.category

willemdh · October 7, 2020, 2:08pm

Hello,

My Sysmon registry events (Registry object added or deleted (rule: RegistryEvent)) seem to be missing an event.category field. (7.8)

What event.category should be given to these Sysmon events?

Grtz

Willem

marc.guasch · October 8, 2020, 1:14pm

Hello @willemdh ! Indeed it seems we lack a category value for registry related events. I opened an issue here to keep track of how we can improve this.

Thanks for bringing this up!

system · November 5, 2020, 3:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat Sysmon Configuration Registry fields seems to map the wrong value of the registry Beats winlogbeat	2	433	June 28, 2021
Winlogbeat Sysmon Configuration Registry fields seems to map the wrong value of the registry Beats winlogbeat	1	440	August 2, 2021
Winlogbeat 7.9 removed a field? Beats winlogbeat	2	296	October 21, 2020
No event.category in Winlogbeat Beats winlogbeat	7	409	October 19, 2023
Winlogbeat Sysmon Configuration Registry fields seems to map the wrong value of the registry Beats winlogbeat	3	737	September 13, 2021

Winlogbeat Sysmon Registry events missing event.category

Related topics