1 file changed +47 -5 lines changed
@@ -45,11 +45,6 @@ pipeline:
4545 - log.data.SubjectUserSid
4646 to : log.eventDataSubjectUserSid
4747
48- - rename :
49- from :
50- - log.data.SubjectUserSid
51- to : log.eventDataSubjectUserSid
52-
5348 - rename :
5449 from :
5550 - log.data.PrivilegeList
@@ -334,6 +329,51 @@ pipeline:
334329 - log.execution.ProcessID
335330 to : log.executionProcessID
336331
332+ - rename :
333+ from :
334+ - log.data.ObjectType
335+ to : log.eventDataObjectType
336+
337+ - rename :
338+ from :
339+ - log.data.AccessList
340+ to : log.eventDataAccessList
341+
342+ - rename :
343+ from :
344+ - log.data.HandleId
345+ to : log.eventDataHandleId
346+
347+ - rename :
348+ from :
349+ - log.data.ObjectName
350+ to : log.eventDataObjectName
351+
352+ - rename :
353+ from :
354+ - log.data.ResourceAttributes
355+ to : log.eventDataResourceAttributes
356+
357+ - rename :
358+ from :
359+ - log.data.OldSd
360+ to : log.eventDataOldSd
361+
362+ - rename :
363+ from :
364+ - log.data.NewSd
365+ to : log.eventDataNewSd
366+
367+ - rename :
368+ from :
369+ - log.data.ObjectServer
370+ to : log.eventDataObjectServer
371+
372+ - rename :
373+ from :
374+ - log.data.TransactionId
375+ to : log.eventDataTransactionId
376+
337377 - cast :
338378 to : " int"
339379 fields :
@@ -348,6 +388,7 @@ pipeline:
348388 - log.logonGuid
349389 - log.eventDataSchema
350390 - log.processThread
391+ - log.eventDataTransactionId
351392
352393 - trim :
353394 function : suffix
@@ -358,6 +399,7 @@ pipeline:
358399 - log.logonGuid
359400 - log.eventDataSchema
360401 - log.processThread
402+ - log.eventDataTransactionId
361403
362404 # Drop unnecessary events
363405 - drop :
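Review bot: The nine renames added at new lines 332–375 have no comment saying which events they serve, and `log.eventDataAccessList` is stored exactly as the agent delivers it. The field names look like the EventData of the Windows object-access and permission-change audit events (4656/4663/4670; inferred from the names, not stated in the diff). In those events AccessList usually arrives as message-table tokens such as `%%4416` separated by whitespace, so a rule that tests the field for equality would likely never match. Consider a group comment such as `# Object access / security-descriptor change fields (e.g. 4656, 4663, 4670)` above line 332, and a trim or normalization entry for `log.eventDataAccessList` next to the `log.eventDataTransactionId` entries added at lines 391 and 402. The trim substrings and the body of the `drop` step after line 405 are outside the hunks, so confirm separately that the drop conditions do not discard the events these fields come from.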