
Add process.name.caseless to logs-system.* mapping #8913

Closed
mbudge opened this issue Jan 17, 2024 · 3 comments · Fixed by #10533
Labels
Integration:system System Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform]

Comments

@mbudge

mbudge commented Jan 17, 2024

Please can we add process.name.caseless to the logs-system.* so we can get security rules which use this field working?

elastic/detection-rules#3390

@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@narph narph added Team:Security-Windows Platform Security Windows Platform team [elastic/sec-windows-platform] and removed Team:Security-External Integrations release-pending labels Jan 25, 2024
@mbudge
Author

mbudge commented Feb 1, 2024

These rules require process.name.caseless in winlogbeat-*, logs-windows.* and logs-system.security*

Discovery of Internet Capabilities via Built-in Tools
Microsoft Build Engine Started by a Script Process
Query Registry using Built-in Tools
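An added example, not code from this issue or from the Elastic system integration: the ECS-style shape of a `process.name.caseless` multi-field (keyword plus lowercase normalizer), a check that an index template actually carries it before a rule written against it is enabled, and a small model of why the caseless field matches regardless of case. The template contents and index patterns are constructed for illustration.

```python
# Added example, not code from the issue or from the Elastic system integration.
# It shows (1) the ECS-style shape of a process.name.caseless multi-field
# (keyword + lowercase normalizer), (2) a check that an index template actually
# carries it, and (3) why a rule written against the caseless field matches
# regardless of case. Template contents are constructed for illustration.
from typing import Any, Dict, List

# Constructed mapping fragments in the shape of Elasticsearch index templates.
WITH_CASELESS: Dict[str, Any] = {
    "settings": {"analysis": {"normalizer": {
        "lowercase": {"type": "custom", "filter": ["lowercase"]}}}},
    "mappings": {"properties": {"process": {"properties": {"name": {
        "type": "keyword",
        "fields": {"caseless": {"type": "keyword", "normalizer": "lowercase"}},
    }}}}},
}
WITHOUT_CASELESS: Dict[str, Any] = {
    "mappings": {"properties": {"process": {"properties": {"name": {
        "type": "keyword"}}}}},
}

def caseless_field(template: Dict[str, Any], path: str = "process.name") -> Dict[str, Any]:
    """Return the 'caseless' multi-field mapping under path, or {} if absent."""
    node: Dict[str, Any] = template.get("mappings", {})
    for part in path.split("."):
        node = node.get("properties", {}).get(part, {})
    return node.get("fields", {}).get("caseless", {})

def has_caseless(template: Dict[str, Any], path: str = "process.name") -> bool:
    """True when path.caseless is a keyword field with a normalizer attached."""
    sub = caseless_field(template, path)
    return sub.get("type") == "keyword" and "normalizer" in sub

def patterns_missing_caseless(templates: Dict[str, Dict[str, Any]]) -> List[str]:
    """Index patterns whose template lacks process.name.caseless (rule would not fire)."""
    return sorted(p for p, t in templates.items() if not has_caseless(t))

def term_matches(indexed: str, query: str, caseless: bool) -> bool:
    """Model a term query: keyword compares exactly; the caseless multi-field
    runs the lowercase normalizer over both the indexed value and the term."""
    if caseless:
        return indexed.lower() == query.lower()
    return indexed == query

if __name__ == "__main__":
    templates = {"logs-windows.*": WITH_CASELESS, "logs-system.*": WITHOUT_CASELESS}
    print(patterns_missing_caseless(templates))                # ['logs-system.*']
    print(term_matches("CMD.EXE", "cmd.exe", caseless=False))  # False
    print(term_matches("CMD.EXE", "cmd.exe", caseless=True))   # True
```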

@w0rk3r
Contributor

w0rk3r commented Jul 11, 2024

Changes were incorporated in ECS: elastic/ecs#2341.

They will probably be in 8.16, as this is not blocking any work and is an enhancement, I closed #9850 and will wait for the ECS release to modify the related rules.

5 participants