diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 595248c2293..4b71e89d405 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -271,6 +271,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Winlogbeat* - Fix data race affecting config validation at startup. {issue}13005[13005] +- Set host.name to computername in Windows event logs & sysmon. Requires {pull}14407[14407] in libbeat to work {issue}13706[13706] *Functionbeat* diff --git a/winlogbeat/eventlog/eventlog.go b/winlogbeat/eventlog/eventlog.go index 3023ad704cd..f5469dd408a 100644 --- a/winlogbeat/eventlog/eventlog.go +++ b/winlogbeat/eventlog/eventlog.go @@ -134,6 +134,7 @@ func (e Record) ToEvent() beat.Event { m.Put("event.code", e.EventIdentifier.ID) m.Put("event.provider", e.Provider.Name) addOptional(m, "event.action", e.Task) + addOptional(m, "host.name", e.Computer) m.Put("event.created", time.Now()) diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json index 6b80148fc45..7f7c831ebd4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json @@ -11,6 +11,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -83,6 +86,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -155,6 +161,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, 
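Review bot: The added `addOptional(m, "host.name", e.Computer)` in `Record.ToEvent` makes `host.name` a value asserted by the event record instead of by the collecting agent, and nothing in the hunk documents that change of provenance. For records that did not originate on the machine running Winlogbeat (the golden files in this commit are replayed from .evtx captures with names such as `vagrant-2016`), host-scoped queries and detections will now key on a string the log source supplies. If `addOptional` skips empty values, as its name suggests, records without a Computer value would presumably keep the shipper's name, so one field would mix two sources. I would add a comment above the line such as `// host.name comes from the record's Computer field (the originating machine), not the shipper; per the changelog it only survives with the libbeat change in place.` and confirm that the shipper's own hostname stays available in a separate field for correlation. `ToEvent`'s body starts and ends outside the hunk.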
@@ -230,6 +239,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -302,6 +314,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -374,6 +389,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -446,6 +464,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -518,6 +539,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -590,6 +614,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -665,6 +692,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -737,6 +767,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -812,6 +845,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -884,6 +920,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, 
@@ -956,6 +995,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1028,6 +1070,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1100,6 +1145,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1172,6 +1220,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_success" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1244,6 +1295,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "authentication_failure" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json index 7fb416a3f6b..32b1527f4b8 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json index 5f12c38c432..8b9784d7595 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json 
@@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -58,6 +61,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json index eb5794a01e1..2f1c605a18c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -81,6 +84,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json index 5a21729bfd7..540d8472aa3 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, 
@@ -62,6 +65,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json index 93192e02b24..d574664d27b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -63,6 +66,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json index 4de0c677b6d..ebdecace1e9 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -62,6 +65,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, 
diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json index b4dbc1557a1..816df79f3d5 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -62,6 +65,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json index a63b5271785..254d13c88f4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -63,6 +66,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json index 536370d050b..2bc9cd7b28e 100644 
--- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -82,6 +85,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json index 773a6bfdbdf..f25287abd6b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json index ac2b0e82189..fb2abfcad4d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, 
diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json index 889702c30f3..30d8ace09ae 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json @@ -8,6 +8,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, @@ -60,6 +63,9 @@ "module": "security", "provider": "Microsoft-Windows-Security-Auditing" }, + "host": { + "name": "WIN-41OB2LO92CR" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json index 96a20958090..80c02f7fb82 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json @@ -10,6 +10,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "process_start" }, + "host": { + "name": "vagrant" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json index 9be0fd765ca..4e7d13ea189 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json 
@@ -10,6 +10,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "process_end" }, + "host": { + "name": "vagrant" + }, "log": { "level": "information" }, @@ -63,6 +66,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "process_end" }, + "host": { + "name": "vagrant" + }, "log": { "level": "information" }, @@ -116,6 +122,9 @@ "provider": "Microsoft-Windows-Security-Auditing", "type": "process_end" }, + "host": { + "name": "vagrant" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json index 2516dfa1ab6..72d09fa2971 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json @@ -30,6 +30,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -98,6 +101,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -167,6 +173,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -240,6 +249,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -308,6 +320,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -383,6 +398,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -447,6 +465,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -520,6 +541,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -580,6 +604,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -656,6 +683,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -764,6 +794,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -828,6 +861,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -896,6 +932,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -969,6 +1008,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1029,6 +1071,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1103,6 +1148,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1171,6 +1219,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1239,6 +1290,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1334,6 +1388,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -1409,6 +1466,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1529,6 +1589,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1637,6 +1700,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1750,6 +1816,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1828,6 +1897,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -1943,6 +2015,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2061,6 +2136,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2125,6 +2203,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2234,6 +2315,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2302,6 +2386,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2411,6 +2498,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2475,6 +2565,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -2539,6 +2632,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2642,6 +2738,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2734,6 +2833,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2798,6 +2900,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -2897,6 +3002,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3011,6 +3119,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3126,6 +3237,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3190,6 +3304,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3304,6 +3421,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3412,6 +3532,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3476,6 +3599,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3536,6 +3662,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -3613,6 +3742,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3717,6 +3849,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3825,6 +3960,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -3897,6 +4035,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4012,6 +4153,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4085,6 +4229,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4178,6 +4325,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4246,6 +4396,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4310,6 +4463,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4361,6 +4517,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4412,6 +4571,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4521,6 +4683,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -4594,6 +4759,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4658,6 +4826,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4767,6 +4938,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4840,6 +5014,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -4949,6 +5126,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5013,6 +5193,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5092,6 +5275,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5171,6 +5357,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5236,6 +5425,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5345,6 +5537,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5460,6 +5655,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5575,6 +5773,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -5684,6 +5885,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5757,6 +5961,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5836,6 +6043,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -5900,6 +6110,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6009,6 +6222,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6128,6 +6344,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6236,6 +6455,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6304,6 +6526,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6418,6 +6643,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6486,6 +6714,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6600,6 +6831,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6709,6 +6943,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -6796,6 +7033,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -6911,6 +7151,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7000,6 +7243,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7060,6 +7306,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7169,6 +7418,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7248,6 +7500,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7308,6 +7563,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7417,6 +7675,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7527,6 +7788,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7616,6 +7880,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7725,6 +7992,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -7823,6 +8093,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -7921,6 +8194,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8040,6 +8316,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8150,6 +8429,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8253,6 +8535,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8362,6 +8647,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8471,6 +8759,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8539,6 +8830,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8646,6 +8940,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8714,6 +9011,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8793,6 +9093,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8862,6 +9165,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -8931,6 +9237,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -8999,6 +9308,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9068,6 +9380,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9132,6 +9447,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9205,6 +9523,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9273,6 +9594,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9345,6 +9669,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9413,6 +9740,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9481,6 +9811,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9549,6 +9882,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9664,6 +10000,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9743,6 +10082,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9813,6 +10155,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -9923,6 +10268,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -9983,6 +10331,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10051,6 +10402,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10165,6 +10519,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10229,6 +10586,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10297,6 +10657,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10409,6 +10772,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10527,6 +10893,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10595,6 +10964,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10709,6 +11081,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10824,6 +11199,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -10934,6 +11312,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -11039,6 +11420,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11154,6 +11538,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11478,6 +11865,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11607,6 +11997,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11671,6 +12064,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11743,6 +12139,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11794,6 +12193,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11862,6 +12264,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -11977,6 +12382,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12092,6 +12500,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12160,6 +12571,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12269,6 +12683,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -12378,6 +12795,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12486,6 +12906,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12583,6 +13006,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12651,6 +13077,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12719,6 +13148,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12828,6 +13260,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -12908,6 +13343,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13023,6 +13461,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13087,6 +13528,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13155,6 +13599,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13219,6 +13666,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13270,6 +13720,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, 
@@ -13320,6 +13773,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13370,6 +13826,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13442,6 +13901,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13506,6 +13968,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, @@ -13604,6 +14069,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2016" + }, "log": { "level": "information" }, diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json index 1717f1d687d..52d0cbafb74 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json @@ -7,6 +7,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -41,6 +44,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -85,6 +91,9 @@ "hash": { "sha1": "ac93c3b38e57a2715572933dbcb2a1c2892dbc5e" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -157,6 +166,9 @@ "hash": { "sha1": "6df8163a6320b80b60733f9d62e2f39b4b16b678" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -229,6 +241,9 @@ "provider": "Microsoft-Windows-Sysmon", "type": "process_end" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, 
@@ -271,6 +286,9 @@ "provider": "Microsoft-Windows-Sysmon", "type": "process_end" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -316,6 +334,9 @@ "hash": { "sha1": "5a4c0e82ff95c9fb762d46a696ef9f1b68001c21" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -390,6 +411,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -449,6 +473,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -509,6 +536,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -569,6 +599,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -629,6 +662,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -693,6 +729,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -755,6 +794,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -815,6 +857,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -874,6 +919,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -936,6 +984,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, 
@@ -998,6 +1049,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1057,6 +1111,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1116,6 +1173,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1179,6 +1239,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1242,6 +1305,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1305,6 +1371,9 @@ "module": "sysmon", "provider": "Microsoft-Windows-Sysmon" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1366,6 +1435,9 @@ "provider": "Microsoft-Windows-Sysmon", "type": "process_end" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1408,6 +1480,9 @@ "provider": "Microsoft-Windows-Sysmon", "type": "process_end" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1451,6 +1526,9 @@ "file": { "path": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\fe823684-c940-49f2-a940-14b02cbafba9.tmp" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1498,6 +1576,9 @@ "file": { "path": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\162d4140-cfab-4d05-9c92-bca60515a622.tmp" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, 
@@ -1545,6 +1626,9 @@ "file": { "path": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\1450fedf-ac4c-4e35-b371-ed5d3bbe4776.tmp" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1592,6 +1676,9 @@ "file": { "path": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\37ed32e9-3c5f-4663-8457-c70743e9456d.tmp" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1638,6 +1725,9 @@ "provider": "Microsoft-Windows-Sysmon", "type": "process_end" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1681,6 +1771,9 @@ "file": { "path": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Storage\\ext\\nmmhkkegccagdldgiimedpiccmgmieda\\def\\ecb9c915-c4c2-4600-a920-f2bc302990a8.tmp" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" }, @@ -1728,6 +1821,9 @@ "file": { "path": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Storage\\ext\\gfdkimpbcpahaombhbimeihdjnejgicl\\def\\ee4a6e45-bffd-49f4-98ae-32aebcc890b5.tmp" }, + "host": { + "name": "vagrant-2012-r2" + }, "log": { "level": "information" },