[Winlogbeat] Set host.name to computername (#14625) (#14688)

* Set host.name to computername

 - set host.name to computer name for windows events and sysmon
 - Add info about libbeat #14407 dependency

Fixes #13706

(cherry picked from commit da6dd9d)

CHANGELOG.next.asciidoc

@@ -271,6 +271,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 *Winlogbeat*
 
 - Fix data race affecting config validation at startup. {issue}13005[13005]
+- Set host.name to computername in Windows event logs & sysmon. Requires {pull}14407[14407] in libbeat to work {issue}13706[13706]
 
 *Functionbeat*
 

winlogbeat/eventlog/eventlog.go

@@ -134,6 +134,7 @@ func (e Record) ToEvent() beat.Event {
  m.Put("event.code", e.EventIdentifier.ID)
  m.Put("event.provider", e.Provider.Name)
  addOptional(m, "event.action", e.Task)
+ addOptional(m, "host.name", e.Computer)
 
  m.Put("event.created", time.Now())
 

x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json

@@ -11,6 +11,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -83,6 +86,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -155,6 +161,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -230,6 +239,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -302,6 +314,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -374,6 +389,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -446,6 +464,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -518,6 +539,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -590,6 +614,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -665,6 +692,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -737,6 +767,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -812,6 +845,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -884,6 +920,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -956,6 +995,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -1028,6 +1070,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -1100,6 +1145,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -1172,6 +1220,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_success"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },
@@ -1244,6 +1295,9 @@
  "provider": "Microsoft-Windows-Security-Auditing",
  "type": "authentication_failure"
  },
+ "host": {
+ "name": "vagrant-2012-r2"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "vagrant-2016"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -58,6 +61,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -81,6 +84,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -62,6 +65,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -63,6 +66,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -62,6 +65,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -62,6 +65,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -63,6 +66,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },
@@ -82,6 +85,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },

x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json

@@ -8,6 +8,9 @@
  "module": "security",
  "provider": "Microsoft-Windows-Security-Auditing"
  },
+ "host": {
+ "name": "WIN-41OB2LO92CR"
+ },
  "log": {
  "level": "information"
  },