|
1 | 1 | export enum FileFieldEnum { |
2 | 2 | FILE_TIMESTAMP_FIELD = '@timestamp', |
3 | | - FILE_VERSION_FIELD = '@version', |
4 | | - FILE_ID_FIELD = '_id', |
5 | | - FILE_BEAT_HOSTNAME_FIELD = 'logx.wineventlog.beat.hostname', |
6 | | - FILE_BEAT_NAME_FIELD = 'logx.wineventlog.beat.name', |
7 | | - FILE_BEAT_VERSION_FIELD = 'logx.wineventlog.beat.version', |
8 | | - FILE_COMPUTER_NAME_FIELD = 'logx.wineventlog.computer_name', |
9 | | - FILE_ACCESS_LIST_FIELD = 'logx.wineventlog.event_data.AccessList', |
10 | | - FILE_ACCESS_MASK_FIELD = 'logx.wineventlog.event_data.AccessMask', |
11 | | - FILE_HANDLE_ID_FIELD = 'logx.wineventlog.event_data.HandleId', |
12 | | - FILE_OBJECT_NAME_FIELD = 'logx.wineventlog.event_data.ObjectName', |
13 | | - FILE_OBJECT_SERVER_FIELD = 'logx.wineventlog.event_data.ObjectServer', |
14 | | - FILE_OBJECT_TYPE_FIELD = 'logx.wineventlog.event_data.ObjectType', |
15 | | - FILE_PROCESS_ID_FIELD = 'logx.wineventlog.event_data.ProcessId', |
16 | | - FILE_PROCESS_NAME_FIELD = 'logx.wineventlog.event_data.ProcessName', |
17 | | - FILE_RESOURCE_ATT_FIELD = 'logx.wineventlog.event_data.ResourceAttributes', |
18 | | - FILE_SUBJECT_DOMAIN_NAME_FIELD = 'logx.wineventlog.event_data.SubjectDomainName', |
19 | | - FILE_SUBJECT_LOGON_ID_FIELD = 'logx.wineventlog.event_data.SubjectLogonId', |
20 | | - FILE_SUBJECT_USER_NAME_FIELD = 'logx.wineventlog.event_data.SubjectUserName', |
21 | | - FILE_SUBJECT_USER_ID_FIELD = 'logx.wineventlog.event_data.SubjectUserSid', |
22 | | - FILE_EVENT_ID_FIELD = 'logx.wineventlog.event_id', |
23 | | - FILE_EVENT_NAME_FIELD = 'logx.wineventlog.event_name', |
24 | | - FILE_HOST_ARCHITECTURE_FIELD = 'logx.wineventlog.host.architecture', |
25 | | - FILE_HOST_ID_FIELD = 'logx.wineventlog.host.id', |
26 | | - FILE_HOST_NAME_FIELD = 'logx.wineventlog.host.name', |
27 | | - FILE_HOST_OS_NAME_FIELD = 'logx.wineventlog.host.os.name', |
28 | | - FILE_MESSAGE_FIELD = 'logx.wineventlog.message', |
29 | | - FILE_NEW_SDDL_FIELD = 'logx.wineventlog.event_data.NewSd', |
30 | | - FILE_OLD_SDDL_FIELD = 'logx.wineventlog.event_data.OldSd', |
31 | | - FILE_HOTS_OS_BUILD_FIELD = 'logx.wineventlog.host.os.build', |
32 | | - FILE_HOST_OS_FAMILY_FIELD = 'logx.wineventlog.host.os.family', |
33 | | - FILE_HOST_OS_PLATFORM_FIELD = 'logx.wineventlog.host.os.platform', |
34 | | - FILE_HOST_OS_VERSION_FIELD = 'logx.wineventlog.host.os.version', |
35 | | - FILE_KEYWORD_FIELD = 'logx.wineventlog.keywords', |
36 | | - FILE_LEVEL_FIELD = 'logx.wineventlog.level', |
37 | | - FILE_LOG_NAME_FIELD = 'logx.wineventlog.log_name', |
38 | | - FILE_OPCODE_FIELD = 'logx.wineventlog.opcode', |
39 | | - FILE_PROCESS_ID_SECONDARY_FIELD = 'logx.wineventlog.process_id', |
40 | | - FILE_PROVIDER_GUID_FIELD = 'logx.wineventlog.provider_guid', |
41 | | - FILE_SHARE_NAME_FIELD = 'logx.wineventlog.event_data.ShareName', |
42 | | - FILE_SHARE_PATH_FIELD = 'logx.wineventlog.event_data.ShareLocalPath', |
43 | | - FILE_SHARE_IPPORT_FIELD = 'logx.wineventlog.event_data.IpPort', |
| 3 | + FILE_ACCESS_LIST_FIELD = 'log.eventDataAccessList', |
| 4 | + FILE_ACCESS_MASK_FIELD = 'log.eventDataAccessMask', |
| 5 | + FILE_HANDLE_ID_FIELD = 'log.eventDataHandleId', |
| 6 | + FILE_OBJECT_NAME_FIELD = 'log.eventDataObjectName', |
| 7 | + FILE_OBJECT_SERVER_FIELD = 'log.eventDataObjectServer', |
| 8 | + FILE_OBJECT_TYPE_FIELD = 'log.eventDataObjectType', |
| 9 | + FILE_PROCESS_ID_FIELD = 'log.eventDataProcessId', |
| 10 | + FILE_PROCESS_NAME_FIELD = 'log.eventDataProcessName', |
| 11 | + FILE_RESOURCE_ATT_FIELD = 'log.eventDataResourceAttributes', |
| 12 | + FILE_SUBJECT_DOMAIN_NAME_FIELD = 'log.eventDataSubjectDomainName', |
| 13 | + FILE_SUBJECT_LOGON_ID_FIELD = 'log.eventDataSubjectLogonId', |
| 14 | + FILE_SUBJECT_USER_NAME_FIELD = 'log.eventDataSubjectUserName', |
| 15 | + FILE_SUBJECT_USER_ID_FIELD = 'log.eventDataSubjectUserSid', |
| 16 | + FILE_EVENT_ID_FIELD = 'log.eventCode', |
| 17 | + FILE_EVENT_NAME_FIELD = 'log.eventName', |
| 18 | + FILE_HOST_ARCHITECTURE_FIELD = 'log.cpuArchitecture', |
| 19 | + FILE_HOST_ID_FIELD = 'log.id', |
| 20 | + FILE_HOST_NAME_FIELD = 'origin.host', |
| 21 | + FILE_HOST_OS_NAME_FIELD = 'log.computer', |
| 22 | + FILE_MESSAGE_FIELD = 'log.eventName', |
| 23 | + FILE_NEW_SDDL_FIELD = 'log.eventDataNewSd', |
| 24 | + FILE_OLD_SDDL_FIELD = 'log.eventDataOldSd', |
| 25 | + FILE_HOTS_OS_BUILD_FIELD = 'log.host.os.build', |
| 26 | + FILE_HOST_OS_FAMILY_FIELD = 'log.host.os.family', |
| 27 | + FILE_HOST_OS_PLATFORM_FIELD = 'log.host.os.platform', |
| 28 | + FILE_HOST_OS_VERSION_FIELD = 'log.host.os.version', |
| 29 | + FILE_KEYWORD_FIELD = 'log.keywords', |
| 30 | + FILE_OPCODE_FIELD = 'log.opcode', |
| 31 | + FILE_PROVIDER_GUID_FIELD = 'log.providerGuid', |
| 32 | + FILE_SHARE_NAME_FIELD = 'log.eventDataShareName', |
| 33 | + FILE_SHARE_PATH_FIELD = 'log.eventDataShareLocalPath', |
44 | 34 | } |
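Review bot: `FILE_MESSAGE_FIELD` and `FILE_EVENT_NAME_FIELD` both map to `'log.eventName'` in the new enum, so any column or filter keyed on the message field will show the event name rather than the event's message text. `FILE_HOST_OS_NAME_FIELD = 'log.computer'` looks like a similar mismatch, pointing an OS-name key at what reads as a computer-name field. If the new schema has no direct equivalent, mark each fallback with a comment such as `// new schema has no message field; falls back to event name` so that analysts and later maintainers do not treat the values as the original data. The commit also removes `FILE_SHARE_IPPORT_FIELD` without a replacement, which takes the client address out of share-access rows in this view, and the four `log.host.os.*` keys keep the old nested shape while every other key was flattened to camelCase; both are worth confirming against the new index mapping.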