-
Notifications
You must be signed in to change notification settings - Fork 375
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[System.Security] For Windows, store the split access list and mask values #9907
base: main
Are you sure you want to change the base?
Conversation
…lues as a list of values instead of a multi-line string value.
🚀 Benchmarks reportTo see the full report comment with |
I'm finding out if AccessList should be fixed too per the user that I was talking with. |
I confirmed they would like the AccessList to be brought back into alignment as well. Change has been pushed to this pull request now. |
Quality Gate passedIssues Measures |
💚 Build Succeeded
History
cc @a03nikki |
Proposed commit message
Added logic to store the individual
winlog.event_data.AccessList
andwinlog.event_data.AccessMask
values as a list of values instead of a multi-line string value.This brings the format in alignment with the previous Winlogbeat v7 format of these values.
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
elastic-package test
Related issues
Screenshots
This was found while comparing Winlogbeat 7.10.1 output to Elastic Agent v8.12.1 with System integration version approximate 1.48.1.
Winlogbeat v7.10.1 for event code
4674
documents had thisBut Elastic Agent v8.12.1, had this
After this Elasticsearch ingest pipeline change, the Elastic Agent should return to be the list of values again like Winlogbeat.