From 85448525d52b6d79609e0cc2999e3d4c7f650bd1 Mon Sep 17 00:00:00 2001 From: elasticmachine Date: Wed, 21 Apr 2021 05:41:17 +0000 Subject: [PATCH 1/4] docs: update docs --- README.md | 2 +- deploy/kubernetes/auditbeat-kubernetes.yaml | 2 +- deploy/kubernetes/filebeat-kubernetes.yaml | 2 +- deploy/kubernetes/metricbeat-kubernetes.yaml | 2 +- filebeat/modules.d/apache.yml.disabled | 2 +- filebeat/modules.d/auditd.yml.disabled | 2 +- filebeat/modules.d/elasticsearch.yml.disabled | 2 +- filebeat/modules.d/haproxy.yml.disabled | 2 +- filebeat/modules.d/icinga.yml.disabled | 2 +- filebeat/modules.d/iis.yml.disabled | 2 +- filebeat/modules.d/kafka.yml.disabled | 2 +- filebeat/modules.d/kibana.yml.disabled | 2 +- filebeat/modules.d/logstash.yml.disabled | 2 +- filebeat/modules.d/mongodb.yml.disabled | 2 +- filebeat/modules.d/mysql.yml.disabled | 2 +- filebeat/modules.d/nats.yml.disabled | 2 +- filebeat/modules.d/nginx.yml.disabled | 2 +- filebeat/modules.d/osquery.yml.disabled | 2 +- filebeat/modules.d/pensando.yml.disabled | 2 +- filebeat/modules.d/postgresql.yml.disabled | 2 +- filebeat/modules.d/redis.yml.disabled | 2 +- filebeat/modules.d/santa.yml.disabled | 2 +- filebeat/modules.d/system.yml.disabled | 2 +- filebeat/modules.d/traefik.yml.disabled | 2 +- libbeat/docs/version.asciidoc | 2 +- metricbeat/modules.d/aerospike.yml.disabled | 2 +- metricbeat/modules.d/apache.yml.disabled | 2 +- metricbeat/modules.d/beat-xpack.yml.disabled | 2 +- metricbeat/modules.d/beat.yml.disabled | 2 +- metricbeat/modules.d/ceph-mgr.yml.disabled | 2 +- metricbeat/modules.d/ceph.yml.disabled | 2 +- metricbeat/modules.d/consul.yml.disabled | 2 +- metricbeat/modules.d/couchbase.yml.disabled | 2 +- metricbeat/modules.d/couchdb.yml.disabled | 2 +- metricbeat/modules.d/docker.yml.disabled | 2 +- metricbeat/modules.d/dropwizard.yml.disabled | 2 +- metricbeat/modules.d/elasticsearch-xpack.yml.disabled | 2 +- metricbeat/modules.d/elasticsearch.yml.disabled | 2 +- metricbeat/modules.d/envoyproxy.yml.disabled | 2 +- metricbeat/modules.d/etcd.yml.disabled | 2 +- metricbeat/modules.d/golang.yml.disabled | 2 +- metricbeat/modules.d/graphite.yml.disabled | 2 +- metricbeat/modules.d/haproxy.yml.disabled | 2 +- metricbeat/modules.d/http.yml.disabled | 2 +- metricbeat/modules.d/jolokia.yml.disabled | 2 +- metricbeat/modules.d/kafka.yml.disabled | 2 +- metricbeat/modules.d/kibana-xpack.yml.disabled | 2 +- metricbeat/modules.d/kibana.yml.disabled | 2 +- metricbeat/modules.d/kubernetes.yml.disabled | 2 +- metricbeat/modules.d/kvm.yml.disabled | 2 +- metricbeat/modules.d/linux.yml.disabled | 2 +- metricbeat/modules.d/logstash-xpack.yml.disabled | 2 +- metricbeat/modules.d/logstash.yml.disabled | 2 +- metricbeat/modules.d/memcached.yml.disabled | 2 +- metricbeat/modules.d/mongodb.yml.disabled | 2 +- metricbeat/modules.d/munin.yml.disabled | 2 +- metricbeat/modules.d/mysql.yml.disabled | 2 +- metricbeat/modules.d/nats.yml.disabled | 2 +- metricbeat/modules.d/nginx.yml.disabled | 2 +- metricbeat/modules.d/php_fpm.yml.disabled | 2 +- metricbeat/modules.d/postgresql.yml.disabled | 2 +- metricbeat/modules.d/prometheus.yml.disabled | 2 +- metricbeat/modules.d/rabbitmq.yml.disabled | 2 +- metricbeat/modules.d/redis.yml.disabled | 2 +- metricbeat/modules.d/system.yml | 2 +- metricbeat/modules.d/traefik.yml.disabled | 2 +- metricbeat/modules.d/uwsgi.yml.disabled | 2 +- metricbeat/modules.d/vsphere.yml.disabled | 2 +- metricbeat/modules.d/windows.yml.disabled | 2 +- metricbeat/modules.d/zookeeper.yml.disabled | 2 +- x-pack/filebeat/modules.d/activemq.yml.disabled | 2 +- x-pack/filebeat/modules.d/aws.yml.disabled | 2 +- x-pack/filebeat/modules.d/awsfargate.yml.disabled | 2 +- x-pack/filebeat/modules.d/azure.yml.disabled | 2 +- x-pack/filebeat/modules.d/barracuda.yml.disabled | 2 +- x-pack/filebeat/modules.d/bluecoat.yml.disabled | 2 +- x-pack/filebeat/modules.d/cef.yml.disabled | 2 +- x-pack/filebeat/modules.d/checkpoint.yml.disabled | 2 +- x-pack/filebeat/modules.d/cisco.yml.disabled | 2 +- x-pack/filebeat/modules.d/coredns.yml.disabled | 2 +- x-pack/filebeat/modules.d/crowdstrike.yml.disabled | 2 +- x-pack/filebeat/modules.d/cyberark.yml.disabled | 2 +- x-pack/filebeat/modules.d/cyberarkpas.yml.disabled | 2 +- x-pack/filebeat/modules.d/cylance.yml.disabled | 2 +- x-pack/filebeat/modules.d/envoyproxy.yml.disabled | 2 +- x-pack/filebeat/modules.d/f5.yml.disabled | 2 +- x-pack/filebeat/modules.d/fortinet.yml.disabled | 2 +- x-pack/filebeat/modules.d/gcp.yml.disabled | 2 +- x-pack/filebeat/modules.d/google_workspace.yml.disabled | 2 +- x-pack/filebeat/modules.d/googlecloud.yml.disabled | 2 +- x-pack/filebeat/modules.d/gsuite.yml.disabled | 2 +- x-pack/filebeat/modules.d/ibmmq.yml.disabled | 2 +- x-pack/filebeat/modules.d/imperva.yml.disabled | 2 +- x-pack/filebeat/modules.d/infoblox.yml.disabled | 2 +- x-pack/filebeat/modules.d/iptables.yml.disabled | 2 +- x-pack/filebeat/modules.d/juniper.yml.disabled | 2 +- x-pack/filebeat/modules.d/microsoft.yml.disabled | 2 +- x-pack/filebeat/modules.d/misp.yml.disabled | 2 +- x-pack/filebeat/modules.d/mssql.yml.disabled | 2 +- x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled | 2 +- x-pack/filebeat/modules.d/netflow.yml.disabled | 2 +- x-pack/filebeat/modules.d/netscout.yml.disabled | 2 +- x-pack/filebeat/modules.d/o365.yml.disabled | 2 +- x-pack/filebeat/modules.d/okta.yml.disabled | 2 +- x-pack/filebeat/modules.d/oracle.yml.disabled | 2 +- x-pack/filebeat/modules.d/panw.yml.disabled | 2 +- x-pack/filebeat/modules.d/proofpoint.yml.disabled | 2 +- x-pack/filebeat/modules.d/rabbitmq.yml.disabled | 2 +- x-pack/filebeat/modules.d/radware.yml.disabled | 2 +- x-pack/filebeat/modules.d/snort.yml.disabled | 2 +- x-pack/filebeat/modules.d/snyk.yml.disabled | 2 +- x-pack/filebeat/modules.d/sonicwall.yml.disabled | 2 +- x-pack/filebeat/modules.d/sophos.yml.disabled | 2 +- x-pack/filebeat/modules.d/squid.yml.disabled | 2 +- x-pack/filebeat/modules.d/suricata.yml.disabled | 2 +- x-pack/filebeat/modules.d/threatintel.yml.disabled | 2 +- x-pack/filebeat/modules.d/tomcat.yml.disabled | 2 +- x-pack/filebeat/modules.d/zeek.yml.disabled | 2 +- x-pack/filebeat/modules.d/zoom.yml.disabled | 2 +- x-pack/filebeat/modules.d/zscaler.yml.disabled | 2 +- x-pack/metricbeat/modules.d/activemq.yml.disabled | 2 +- x-pack/metricbeat/modules.d/appsearch.yml.disabled | 2 +- x-pack/metricbeat/modules.d/aws.yml.disabled | 2 +- x-pack/metricbeat/modules.d/awsfargate.yml.disabled | 2 +- x-pack/metricbeat/modules.d/azure.yml.disabled | 2 +- x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled | 2 +- x-pack/metricbeat/modules.d/cockroachdb.yml.disabled | 2 +- x-pack/metricbeat/modules.d/coredns.yml.disabled | 2 +- x-pack/metricbeat/modules.d/gcp.yml.disabled | 2 +- x-pack/metricbeat/modules.d/ibmmq.yml.disabled | 2 +- x-pack/metricbeat/modules.d/iis.yml.disabled | 2 +- x-pack/metricbeat/modules.d/istio.yml.disabled | 2 +- x-pack/metricbeat/modules.d/mssql.yml.disabled | 2 +- x-pack/metricbeat/modules.d/openmetrics.yml.disabled | 2 +- x-pack/metricbeat/modules.d/oracle.yml.disabled | 2 +- x-pack/metricbeat/modules.d/prometheus.yml.disabled | 2 +- x-pack/metricbeat/modules.d/redisenterprise.yml.disabled | 2 +- x-pack/metricbeat/modules.d/sql.yml.disabled | 2 +- x-pack/metricbeat/modules.d/stan.yml.disabled | 2 +- x-pack/metricbeat/modules.d/statsd.yml.disabled | 2 +- x-pack/metricbeat/modules.d/tomcat.yml.disabled | 2 +- 141 files changed, 141 insertions(+), 141 deletions(-) diff --git a/README.md b/README.md index e76f80a695e5..8050346f7911 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Build Status](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.x/badge/icon)](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.x/) +[![Build Status](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.13/badge/icon)](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.13/) [![GoReportCard](http://goreportcard.com/badge/elastic/beats)](http://goreportcard.com/report/elastic/beats) [![codecov.io](https://codecov.io/github/elastic/beats/coverage.svg?branch=master)](https://codecov.io/github/elastic/beats?branch=master) diff --git a/deploy/kubernetes/auditbeat-kubernetes.yaml b/deploy/kubernetes/auditbeat-kubernetes.yaml index 5498ed21a831..77b7303e53fc 100644 --- a/deploy/kubernetes/auditbeat-kubernetes.yaml +++ b/deploy/kubernetes/auditbeat-kubernetes.yaml @@ -109,7 +109,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: auditbeat - image: docker.elastic.co/beats/auditbeat:7.11.0 + image: docker.elastic.co/beats/auditbeat:7.13.0 args: [ "-c", "/etc/auditbeat.yml", "-e", diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml index a252863fb2a9..715cf7c368ee 100644 --- a/deploy/kubernetes/filebeat-kubernetes.yaml +++ b/deploy/kubernetes/filebeat-kubernetes.yaml @@ -64,7 +64,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: filebeat - image: docker.elastic.co/beats/filebeat:7.11.0 + image: docker.elastic.co/beats/filebeat:7.13.0 args: [ "-c", "/etc/filebeat.yml", "-e", diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index 8315cb0d7392..dd31be414251 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -147,7 +147,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: metricbeat - image: docker.elastic.co/beats/metricbeat:7.11.0 + image: docker.elastic.co/beats/metricbeat:7.13.0 args: [ "-c", "/etc/metricbeat.yml", "-e", diff --git a/filebeat/modules.d/apache.yml.disabled b/filebeat/modules.d/apache.yml.disabled index b923dd581257..aee05dd99a71 100644 --- a/filebeat/modules.d/apache.yml.disabled +++ b/filebeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-apache.html - module: apache # Access logs diff --git a/filebeat/modules.d/auditd.yml.disabled b/filebeat/modules.d/auditd.yml.disabled index 76296ec8514a..4153dfa34954 100644 --- a/filebeat/modules.d/auditd.yml.disabled +++ b/filebeat/modules.d/auditd.yml.disabled @@ -1,5 +1,5 @@ # Module: auditd -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-auditd.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-auditd.html - module: auditd log: diff --git a/filebeat/modules.d/elasticsearch.yml.disabled b/filebeat/modules.d/elasticsearch.yml.disabled index e6074c05e36e..145a93b9c01e 100644 --- a/filebeat/modules.d/elasticsearch.yml.disabled +++ b/filebeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-elasticsearch.html - module: elasticsearch # Server log diff --git a/filebeat/modules.d/haproxy.yml.disabled b/filebeat/modules.d/haproxy.yml.disabled index b2615dbb8f70..02870049e8cb 100644 --- a/filebeat/modules.d/haproxy.yml.disabled +++ b/filebeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-haproxy.html - module: haproxy # All logs diff --git a/filebeat/modules.d/icinga.yml.disabled b/filebeat/modules.d/icinga.yml.disabled index a7c3ac6e1963..def5e7846134 100644 --- a/filebeat/modules.d/icinga.yml.disabled +++ b/filebeat/modules.d/icinga.yml.disabled @@ -1,5 +1,5 @@ # Module: icinga -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-icinga.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-icinga.html - module: icinga # Main logs diff --git a/filebeat/modules.d/iis.yml.disabled b/filebeat/modules.d/iis.yml.disabled index 44c200ba18c1..4d34270b4e5a 100644 --- a/filebeat/modules.d/iis.yml.disabled +++ b/filebeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-iis.html - module: iis # Access logs diff --git a/filebeat/modules.d/kafka.yml.disabled b/filebeat/modules.d/kafka.yml.disabled index 23362c8a1e2d..eaa6f054d8ae 100644 --- a/filebeat/modules.d/kafka.yml.disabled +++ b/filebeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-kafka.html - module: kafka # All logs diff --git a/filebeat/modules.d/kibana.yml.disabled b/filebeat/modules.d/kibana.yml.disabled index a4956c4b65a5..6866d2004aa3 100644 --- a/filebeat/modules.d/kibana.yml.disabled +++ b/filebeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-kibana.html - module: kibana # Server logs diff --git a/filebeat/modules.d/logstash.yml.disabled b/filebeat/modules.d/logstash.yml.disabled index f14229409b66..155121b433b1 100644 --- a/filebeat/modules.d/logstash.yml.disabled +++ b/filebeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-logstash.html - module: logstash # logs diff --git a/filebeat/modules.d/mongodb.yml.disabled b/filebeat/modules.d/mongodb.yml.disabled index 266d2e4e8dc2..6c90e2166eeb 100644 --- a/filebeat/modules.d/mongodb.yml.disabled +++ b/filebeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mongodb.html - module: mongodb # All logs diff --git a/filebeat/modules.d/mysql.yml.disabled b/filebeat/modules.d/mysql.yml.disabled index e6be4045b10f..eda7e6b54278 100644 --- a/filebeat/modules.d/mysql.yml.disabled +++ b/filebeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mysql.html - module: mysql # Error logs diff --git a/filebeat/modules.d/nats.yml.disabled b/filebeat/modules.d/nats.yml.disabled index 65e44962d7ee..2fea7c6ee0ae 100644 --- a/filebeat/modules.d/nats.yml.disabled +++ b/filebeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-nats.html - module: nats # All logs diff --git a/filebeat/modules.d/nginx.yml.disabled b/filebeat/modules.d/nginx.yml.disabled index e2fa44a782f3..59ced64c312d 100644 --- a/filebeat/modules.d/nginx.yml.disabled +++ b/filebeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-nginx.html - module: nginx # Access logs diff --git a/filebeat/modules.d/osquery.yml.disabled b/filebeat/modules.d/osquery.yml.disabled index 7a9a09dd8d5f..cbc05dc2ec3f 100644 --- a/filebeat/modules.d/osquery.yml.disabled +++ b/filebeat/modules.d/osquery.yml.disabled @@ -1,5 +1,5 @@ # Module: osquery -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-osquery.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-osquery.html - module: osquery result: diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled index 66bd60d76d05..2429972c0727 100644 --- a/filebeat/modules.d/pensando.yml.disabled +++ b/filebeat/modules.d/pensando.yml.disabled @@ -1,5 +1,5 @@ # Module: pensando -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-pensando.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-pensando.html - module: pensando # Firewall logs diff --git a/filebeat/modules.d/postgresql.yml.disabled b/filebeat/modules.d/postgresql.yml.disabled index 804b7f34f854..180407f4761e 100644 --- a/filebeat/modules.d/postgresql.yml.disabled +++ b/filebeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-postgresql.html - module: postgresql # All logs diff --git a/filebeat/modules.d/redis.yml.disabled b/filebeat/modules.d/redis.yml.disabled index 9b621dc2d28a..5da2c48b0b7f 100644 --- a/filebeat/modules.d/redis.yml.disabled +++ b/filebeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-redis.html - module: redis # Main logs diff --git a/filebeat/modules.d/santa.yml.disabled b/filebeat/modules.d/santa.yml.disabled index 1a7363547b15..a31aa7230373 100644 --- a/filebeat/modules.d/santa.yml.disabled +++ b/filebeat/modules.d/santa.yml.disabled @@ -1,5 +1,5 @@ # Module: santa -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-santa.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-santa.html - module: santa log: diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index d633bac043af..07890b98256a 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-system.html - module: system # Syslog diff --git a/filebeat/modules.d/traefik.yml.disabled b/filebeat/modules.d/traefik.yml.disabled index 657d5ccd9297..ef5137d26e04 100644 --- a/filebeat/modules.d/traefik.yml.disabled +++ b/filebeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-traefik.html - module: traefik # Access logs diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index 738d7d5c1453..e126a7ca0c74 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,4 +1,4 @@ -:stack-version: 7.11.0 +:stack-version: 7.13.0 :doc-branch: 7.x :go-version: 1.15.10 :release-state: unreleased diff --git a/metricbeat/modules.d/aerospike.yml.disabled b/metricbeat/modules.d/aerospike.yml.disabled index 52fbcff13ede..1b8cb860b2f6 100644 --- a/metricbeat/modules.d/aerospike.yml.disabled +++ b/metricbeat/modules.d/aerospike.yml.disabled @@ -1,5 +1,5 @@ # Module: aerospike -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-aerospike.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-aerospike.html - module: aerospike #metricsets: diff --git a/metricbeat/modules.d/apache.yml.disabled b/metricbeat/modules.d/apache.yml.disabled index 179681ed9ff6..77e0b262d398 100644 --- a/metricbeat/modules.d/apache.yml.disabled +++ b/metricbeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-apache.html - module: apache #metricsets: diff --git a/metricbeat/modules.d/beat-xpack.yml.disabled b/metricbeat/modules.d/beat-xpack.yml.disabled index 2cfd6b70cd8c..1f2bcb6236fb 100644 --- a/metricbeat/modules.d/beat-xpack.yml.disabled +++ b/metricbeat/modules.d/beat-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-beat.html - module: beat xpack.enabled: true diff --git a/metricbeat/modules.d/beat.yml.disabled b/metricbeat/modules.d/beat.yml.disabled index cdd8419af46f..fc07d58782fe 100644 --- a/metricbeat/modules.d/beat.yml.disabled +++ b/metricbeat/modules.d/beat.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-beat.html - module: beat metricsets: diff --git a/metricbeat/modules.d/ceph-mgr.yml.disabled b/metricbeat/modules.d/ceph-mgr.yml.disabled index b8da102d0064..388437ea9fa9 100644 --- a/metricbeat/modules.d/ceph-mgr.yml.disabled +++ b/metricbeat/modules.d/ceph-mgr.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-ceph.html - module: ceph metricsets: diff --git a/metricbeat/modules.d/ceph.yml.disabled b/metricbeat/modules.d/ceph.yml.disabled index 7461623af7f0..3c740ad7280d 100644 --- a/metricbeat/modules.d/ceph.yml.disabled +++ b/metricbeat/modules.d/ceph.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-ceph.html - module: ceph #metricsets: diff --git a/metricbeat/modules.d/consul.yml.disabled b/metricbeat/modules.d/consul.yml.disabled index 6b8cad229888..34da53c07059 100644 --- a/metricbeat/modules.d/consul.yml.disabled +++ b/metricbeat/modules.d/consul.yml.disabled @@ -1,5 +1,5 @@ # Module: consul -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-consul.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-consul.html - module: consul metricsets: diff --git a/metricbeat/modules.d/couchbase.yml.disabled b/metricbeat/modules.d/couchbase.yml.disabled index 707eb31421d7..32ccfd79b2f3 100644 --- a/metricbeat/modules.d/couchbase.yml.disabled +++ b/metricbeat/modules.d/couchbase.yml.disabled @@ -1,5 +1,5 @@ # Module: couchbase -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-couchbase.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-couchbase.html - module: couchbase #metricsets: diff --git a/metricbeat/modules.d/couchdb.yml.disabled b/metricbeat/modules.d/couchdb.yml.disabled index 5ae54506a868..ff53ffbda93d 100644 --- a/metricbeat/modules.d/couchdb.yml.disabled +++ b/metricbeat/modules.d/couchdb.yml.disabled @@ -1,5 +1,5 @@ # Module: couchdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-couchdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-couchdb.html - module: couchdb metricsets: ["server"] diff --git a/metricbeat/modules.d/docker.yml.disabled b/metricbeat/modules.d/docker.yml.disabled index 7dbb97d4b78c..db3b496b5317 100644 --- a/metricbeat/modules.d/docker.yml.disabled +++ b/metricbeat/modules.d/docker.yml.disabled @@ -1,5 +1,5 @@ # Module: docker -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-docker.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-docker.html - module: docker #metricsets: diff --git a/metricbeat/modules.d/dropwizard.yml.disabled b/metricbeat/modules.d/dropwizard.yml.disabled index cba8f09e324b..d090ca25f20f 100644 --- a/metricbeat/modules.d/dropwizard.yml.disabled +++ b/metricbeat/modules.d/dropwizard.yml.disabled @@ -1,5 +1,5 @@ # Module: dropwizard -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-dropwizard.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-dropwizard.html - module: dropwizard #metricsets: diff --git a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled index bcf2a7f9fbbf..b6f11e07bccc 100644 --- a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled +++ b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-elasticsearch.html - module: elasticsearch xpack.enabled: true diff --git a/metricbeat/modules.d/elasticsearch.yml.disabled b/metricbeat/modules.d/elasticsearch.yml.disabled index 217cc03be7d1..49a9d7aafdf0 100644 --- a/metricbeat/modules.d/elasticsearch.yml.disabled +++ b/metricbeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-elasticsearch.html - module: elasticsearch #metricsets: diff --git a/metricbeat/modules.d/envoyproxy.yml.disabled b/metricbeat/modules.d/envoyproxy.yml.disabled index 7b806d7ea101..87091ab914b7 100644 --- a/metricbeat/modules.d/envoyproxy.yml.disabled +++ b/metricbeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-envoyproxy.html - module: envoyproxy #metricsets: diff --git a/metricbeat/modules.d/etcd.yml.disabled b/metricbeat/modules.d/etcd.yml.disabled index 566235380924..67fbc1ad0551 100644 --- a/metricbeat/modules.d/etcd.yml.disabled +++ b/metricbeat/modules.d/etcd.yml.disabled @@ -1,5 +1,5 @@ # Module: etcd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-etcd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-etcd.html - module: etcd #metricsets: diff --git a/metricbeat/modules.d/golang.yml.disabled b/metricbeat/modules.d/golang.yml.disabled index 91d082708eb7..12670c6df72d 100644 --- a/metricbeat/modules.d/golang.yml.disabled +++ b/metricbeat/modules.d/golang.yml.disabled @@ -1,5 +1,5 @@ # Module: golang -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-golang.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-golang.html - module: golang #metricsets: diff --git a/metricbeat/modules.d/graphite.yml.disabled b/metricbeat/modules.d/graphite.yml.disabled index dcf32fb42695..c0694a951558 100644 --- a/metricbeat/modules.d/graphite.yml.disabled +++ b/metricbeat/modules.d/graphite.yml.disabled @@ -1,5 +1,5 @@ # Module: graphite -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-graphite.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-graphite.html - module: graphite #metricsets: diff --git a/metricbeat/modules.d/haproxy.yml.disabled b/metricbeat/modules.d/haproxy.yml.disabled index 836d732e971a..0d7ef47954c1 100644 --- a/metricbeat/modules.d/haproxy.yml.disabled +++ b/metricbeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-haproxy.html - module: haproxy #metricsets: diff --git a/metricbeat/modules.d/http.yml.disabled b/metricbeat/modules.d/http.yml.disabled index 8320a9506801..b0e03e058b4b 100644 --- a/metricbeat/modules.d/http.yml.disabled +++ b/metricbeat/modules.d/http.yml.disabled @@ -1,5 +1,5 @@ # Module: http -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-http.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-http.html - module: http #metricsets: diff --git a/metricbeat/modules.d/jolokia.yml.disabled b/metricbeat/modules.d/jolokia.yml.disabled index 9949e4c21eb9..dc4bfc9a7539 100644 --- a/metricbeat/modules.d/jolokia.yml.disabled +++ b/metricbeat/modules.d/jolokia.yml.disabled @@ -1,5 +1,5 @@ # Module: jolokia -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-jolokia.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-jolokia.html - module: jolokia #metricsets: ["jmx"] diff --git a/metricbeat/modules.d/kafka.yml.disabled b/metricbeat/modules.d/kafka.yml.disabled index af51afd47ae5..a733bed84eea 100644 --- a/metricbeat/modules.d/kafka.yml.disabled +++ b/metricbeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kafka.html # Kafka metrics collected using the Kafka protocol - module: kafka diff --git a/metricbeat/modules.d/kibana-xpack.yml.disabled b/metricbeat/modules.d/kibana-xpack.yml.disabled index 1e4216662b33..8ddcf8d7a2eb 100644 --- a/metricbeat/modules.d/kibana-xpack.yml.disabled +++ b/metricbeat/modules.d/kibana-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kibana.html - module: kibana xpack.enabled: true diff --git a/metricbeat/modules.d/kibana.yml.disabled b/metricbeat/modules.d/kibana.yml.disabled index cc8e7771b400..3c7c6ec7a598 100644 --- a/metricbeat/modules.d/kibana.yml.disabled +++ b/metricbeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kibana.html - module: kibana #metricsets: diff --git a/metricbeat/modules.d/kubernetes.yml.disabled b/metricbeat/modules.d/kubernetes.yml.disabled index c0a660e41485..34e44d4b91b9 100644 --- a/metricbeat/modules.d/kubernetes.yml.disabled +++ b/metricbeat/modules.d/kubernetes.yml.disabled @@ -1,5 +1,5 @@ # Module: kubernetes -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kubernetes.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kubernetes.html # Node metrics, from kubelet: - module: kubernetes diff --git a/metricbeat/modules.d/kvm.yml.disabled b/metricbeat/modules.d/kvm.yml.disabled index 86e8baab7002..81c5d2d61541 100644 --- a/metricbeat/modules.d/kvm.yml.disabled +++ b/metricbeat/modules.d/kvm.yml.disabled @@ -1,5 +1,5 @@ # Module: kvm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kvm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kvm.html - module: kvm #metricsets: diff --git a/metricbeat/modules.d/linux.yml.disabled b/metricbeat/modules.d/linux.yml.disabled index 0fe778f4a5e2..1efb0a542472 100644 --- a/metricbeat/modules.d/linux.yml.disabled +++ b/metricbeat/modules.d/linux.yml.disabled @@ -1,5 +1,5 @@ # Module: linux -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-linux.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-linux.html - module: linux period: 10s diff --git a/metricbeat/modules.d/logstash-xpack.yml.disabled b/metricbeat/modules.d/logstash-xpack.yml.disabled index 4bdc6da1b79a..f6a1c84a51ef 100644 --- a/metricbeat/modules.d/logstash-xpack.yml.disabled +++ b/metricbeat/modules.d/logstash-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-logstash.html - module: logstash xpack.enabled: true diff --git a/metricbeat/modules.d/logstash.yml.disabled b/metricbeat/modules.d/logstash.yml.disabled index e10c9a98ab34..cc4150642571 100644 --- a/metricbeat/modules.d/logstash.yml.disabled +++ b/metricbeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-logstash.html - module: logstash #metricsets: diff --git a/metricbeat/modules.d/memcached.yml.disabled b/metricbeat/modules.d/memcached.yml.disabled index 2036bd6c1561..651eae2a70a2 100644 --- a/metricbeat/modules.d/memcached.yml.disabled +++ b/metricbeat/modules.d/memcached.yml.disabled @@ -1,5 +1,5 @@ # Module: memcached -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-memcached.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-memcached.html - module: memcached # metricsets: ["stats"] diff --git a/metricbeat/modules.d/mongodb.yml.disabled b/metricbeat/modules.d/mongodb.yml.disabled index e0cf95f03776..085122998133 100644 --- a/metricbeat/modules.d/mongodb.yml.disabled +++ b/metricbeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-mongodb.html - module: mongodb #metricsets: diff --git a/metricbeat/modules.d/munin.yml.disabled b/metricbeat/modules.d/munin.yml.disabled index a9c928c3631f..b7aa19a5b3f2 100644 --- a/metricbeat/modules.d/munin.yml.disabled +++ b/metricbeat/modules.d/munin.yml.disabled @@ -1,5 +1,5 @@ # Module: munin -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-munin.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-munin.html - module: munin #metricsets: diff --git a/metricbeat/modules.d/mysql.yml.disabled b/metricbeat/modules.d/mysql.yml.disabled index 3d29ae8cde68..2779235d3799 100644 --- a/metricbeat/modules.d/mysql.yml.disabled +++ b/metricbeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-mysql.html - module: mysql #metricsets: diff --git a/metricbeat/modules.d/nats.yml.disabled b/metricbeat/modules.d/nats.yml.disabled index ae2ec32fc051..377b7397c90b 100644 --- a/metricbeat/modules.d/nats.yml.disabled +++ b/metricbeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-nats.html - module: nats metricsets: diff --git a/metricbeat/modules.d/nginx.yml.disabled b/metricbeat/modules.d/nginx.yml.disabled index 70c7954faf76..1dc91de0ab3c 100644 --- a/metricbeat/modules.d/nginx.yml.disabled +++ b/metricbeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-nginx.html - module: nginx #metricsets: diff --git a/metricbeat/modules.d/php_fpm.yml.disabled b/metricbeat/modules.d/php_fpm.yml.disabled index 575bb6956dd1..5968d48d9432 100644 --- a/metricbeat/modules.d/php_fpm.yml.disabled +++ b/metricbeat/modules.d/php_fpm.yml.disabled @@ -1,5 +1,5 @@ # Module: php_fpm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-php_fpm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-php_fpm.html - module: php_fpm #metricsets: diff --git a/metricbeat/modules.d/postgresql.yml.disabled b/metricbeat/modules.d/postgresql.yml.disabled index ded669c69096..910a686201c8 100644 --- a/metricbeat/modules.d/postgresql.yml.disabled +++ b/metricbeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-postgresql.html - module: postgresql #metricsets: diff --git a/metricbeat/modules.d/prometheus.yml.disabled b/metricbeat/modules.d/prometheus.yml.disabled index af0266188b39..3a2d8b912d59 100644 --- a/metricbeat/modules.d/prometheus.yml.disabled +++ b/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-prometheus.html # Metrics collected from a Prometheus endpoint - module: prometheus diff --git a/metricbeat/modules.d/rabbitmq.yml.disabled b/metricbeat/modules.d/rabbitmq.yml.disabled index 61a4b686c31f..76c51259cde8 100644 --- a/metricbeat/modules.d/rabbitmq.yml.disabled +++ b/metricbeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-rabbitmq.html - module: rabbitmq #metricsets: diff --git a/metricbeat/modules.d/redis.yml.disabled b/metricbeat/modules.d/redis.yml.disabled index 7529d3e08891..78f6a0f18a1a 100644 --- a/metricbeat/modules.d/redis.yml.disabled +++ b/metricbeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-redis.html - module: redis #metricsets: diff --git a/metricbeat/modules.d/system.yml b/metricbeat/modules.d/system.yml index 339d66abc3a9..be6d69547f48 100644 --- a/metricbeat/modules.d/system.yml +++ b/metricbeat/modules.d/system.yml @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-system.html - module: system period: 10s diff --git a/metricbeat/modules.d/traefik.yml.disabled b/metricbeat/modules.d/traefik.yml.disabled index 2f4beeda3a0e..44dfdcd11e35 100644 --- a/metricbeat/modules.d/traefik.yml.disabled +++ b/metricbeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-traefik.html - module: traefik metricsets: ["health"] diff --git a/metricbeat/modules.d/uwsgi.yml.disabled b/metricbeat/modules.d/uwsgi.yml.disabled index f0831a804ac9..cca20b483932 100644 --- a/metricbeat/modules.d/uwsgi.yml.disabled +++ b/metricbeat/modules.d/uwsgi.yml.disabled @@ -1,5 +1,5 @@ # Module: uwsgi -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-uwsgi.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-uwsgi.html - module: uwsgi #metricsets: diff --git a/metricbeat/modules.d/vsphere.yml.disabled b/metricbeat/modules.d/vsphere.yml.disabled index e3ff07039a41..131a98a78af6 100644 --- a/metricbeat/modules.d/vsphere.yml.disabled +++ b/metricbeat/modules.d/vsphere.yml.disabled @@ -1,5 +1,5 @@ # Module: vsphere -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-vsphere.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-vsphere.html - module: vsphere #metricsets: diff --git a/metricbeat/modules.d/windows.yml.disabled b/metricbeat/modules.d/windows.yml.disabled index 18a8a13e970d..64a278585582 100644 --- a/metricbeat/modules.d/windows.yml.disabled +++ b/metricbeat/modules.d/windows.yml.disabled @@ -1,5 +1,5 @@ # Module: windows -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-windows.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-windows.html - module: windows metricsets: diff --git a/metricbeat/modules.d/zookeeper.yml.disabled b/metricbeat/modules.d/zookeeper.yml.disabled index 4da1e25fc614..2505eabb4a99 100644 --- a/metricbeat/modules.d/zookeeper.yml.disabled +++ b/metricbeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-zookeeper.html - module: zookeeper #metricsets: diff --git a/x-pack/filebeat/modules.d/activemq.yml.disabled b/x-pack/filebeat/modules.d/activemq.yml.disabled index 43536ecbce00..ab6a624ee65c 100644 --- a/x-pack/filebeat/modules.d/activemq.yml.disabled +++ b/x-pack/filebeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-activemq.html - module: activemq # Audit logs diff --git a/x-pack/filebeat/modules.d/aws.yml.disabled b/x-pack/filebeat/modules.d/aws.yml.disabled index 248090f69fe1..d27c96956569 100644 --- a/x-pack/filebeat/modules.d/aws.yml.disabled +++ b/x-pack/filebeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-aws.html - module: aws cloudtrail: diff --git a/x-pack/filebeat/modules.d/awsfargate.yml.disabled b/x-pack/filebeat/modules.d/awsfargate.yml.disabled index 03701bea80ef..0cf7c53f59ea 100644 --- a/x-pack/filebeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/filebeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-awsfargate.html - module: awsfargate log: diff --git a/x-pack/filebeat/modules.d/azure.yml.disabled b/x-pack/filebeat/modules.d/azure.yml.disabled index 3b2bc1ecf106..7bb2e89b43d7 100644 --- a/x-pack/filebeat/modules.d/azure.yml.disabled +++ b/x-pack/filebeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-azure.html - module: azure # All logs diff --git a/x-pack/filebeat/modules.d/barracuda.yml.disabled b/x-pack/filebeat/modules.d/barracuda.yml.disabled index 99ff85036c44..7dbb29f7ce1f 100644 --- a/x-pack/filebeat/modules.d/barracuda.yml.disabled +++ b/x-pack/filebeat/modules.d/barracuda.yml.disabled @@ -1,5 +1,5 @@ # Module: barracuda -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-barracuda.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-barracuda.html - module: barracuda waf: diff --git a/x-pack/filebeat/modules.d/bluecoat.yml.disabled b/x-pack/filebeat/modules.d/bluecoat.yml.disabled index 6550c8eedb6a..ca8cc7784832 100644 --- a/x-pack/filebeat/modules.d/bluecoat.yml.disabled +++ b/x-pack/filebeat/modules.d/bluecoat.yml.disabled @@ -1,5 +1,5 @@ # Module: bluecoat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-bluecoat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-bluecoat.html - module: bluecoat director: diff --git a/x-pack/filebeat/modules.d/cef.yml.disabled b/x-pack/filebeat/modules.d/cef.yml.disabled index 2de22edccdff..e69340da2985 100644 --- a/x-pack/filebeat/modules.d/cef.yml.disabled +++ b/x-pack/filebeat/modules.d/cef.yml.disabled @@ -1,5 +1,5 @@ # Module: cef -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cef.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cef.html - module: cef log: diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled index 9d34b8d72aa3..c28dd3a04867 100644 --- a/x-pack/filebeat/modules.d/checkpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/checkpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: checkpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-checkpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-checkpoint.html - module: checkpoint firewall: diff --git a/x-pack/filebeat/modules.d/cisco.yml.disabled b/x-pack/filebeat/modules.d/cisco.yml.disabled index 9e465804552f..1892dc47ca89 100644 --- a/x-pack/filebeat/modules.d/cisco.yml.disabled +++ b/x-pack/filebeat/modules.d/cisco.yml.disabled @@ -1,5 +1,5 @@ # Module: cisco -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cisco.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cisco.html - module: cisco asa: diff --git a/x-pack/filebeat/modules.d/coredns.yml.disabled b/x-pack/filebeat/modules.d/coredns.yml.disabled index 46e9e55c1471..ba3748c82ae2 100644 --- a/x-pack/filebeat/modules.d/coredns.yml.disabled +++ b/x-pack/filebeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-coredns.html - module: coredns # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled index 8d2c8531d077..e0ea8540c9e5 100644 --- a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled +++ b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled @@ -1,5 +1,5 @@ # Module: crowdstrike -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-crowdstrike.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-crowdstrike.html - module: crowdstrike diff --git a/x-pack/filebeat/modules.d/cyberark.yml.disabled b/x-pack/filebeat/modules.d/cyberark.yml.disabled index e97955adfb84..6311ff86f39b 100644 --- a/x-pack/filebeat/modules.d/cyberark.yml.disabled +++ b/x-pack/filebeat/modules.d/cyberark.yml.disabled @@ -1,5 +1,5 @@ # Module: cyberark -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cyberark.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cyberark.html - module: cyberark corepas: diff --git a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled index 3e78f4a0f351..725bfada51d7 100644 --- a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled +++ b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled @@ -1,5 +1,5 @@ # Module: cyberarkpas -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cyberarkpas.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cyberarkpas.html - module: cyberarkpas audit: diff --git a/x-pack/filebeat/modules.d/cylance.yml.disabled b/x-pack/filebeat/modules.d/cylance.yml.disabled index 342d654d2e13..a6e4a0464a90 100644 --- a/x-pack/filebeat/modules.d/cylance.yml.disabled +++ b/x-pack/filebeat/modules.d/cylance.yml.disabled @@ -1,5 +1,5 @@ # Module: cylance -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cylance.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cylance.html - module: cylance protect: diff --git a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled index 543b17be5339..62d5a666796a 100644 --- a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled +++ b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-envoyproxy.html - module: envoyproxy # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/f5.yml.disabled b/x-pack/filebeat/modules.d/f5.yml.disabled index 959842174cff..b9801b0ce5c6 100644 --- a/x-pack/filebeat/modules.d/f5.yml.disabled +++ b/x-pack/filebeat/modules.d/f5.yml.disabled @@ -1,5 +1,5 @@ # Module: f5 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-f5.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-f5.html - module: f5 bigipapm: diff --git a/x-pack/filebeat/modules.d/fortinet.yml.disabled b/x-pack/filebeat/modules.d/fortinet.yml.disabled index 281b7d788efa..76f8d3b5a199 100644 --- a/x-pack/filebeat/modules.d/fortinet.yml.disabled +++ b/x-pack/filebeat/modules.d/fortinet.yml.disabled @@ -1,5 +1,5 @@ # Module: fortinet -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-fortinet.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-fortinet.html - module: fortinet firewall: diff --git a/x-pack/filebeat/modules.d/gcp.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled index a09d0fe369cb..f7323b4c9c6e 100644 --- a/x-pack/filebeat/modules.d/gcp.yml.disabled +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-gcp.html - module: gcp vpcflow: diff --git a/x-pack/filebeat/modules.d/google_workspace.yml.disabled b/x-pack/filebeat/modules.d/google_workspace.yml.disabled index 6d364af9811a..0eb7d7adf149 100644 --- a/x-pack/filebeat/modules.d/google_workspace.yml.disabled +++ b/x-pack/filebeat/modules.d/google_workspace.yml.disabled @@ -1,5 +1,5 @@ # Module: google_workspace -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-google_workspace.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-google_workspace.html - module: google_workspace saml: diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/googlecloud.yml.disabled index 9a28dc036ee9..d549eaee9b4f 100644 --- a/x-pack/filebeat/modules.d/googlecloud.yml.disabled +++ b/x-pack/filebeat/modules.d/googlecloud.yml.disabled @@ -1,5 +1,5 @@ # Module: googlecloud -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-googlecloud.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-googlecloud.html # googlecloud module is deprecated, please use gcp instead - module: gcp diff --git a/x-pack/filebeat/modules.d/gsuite.yml.disabled b/x-pack/filebeat/modules.d/gsuite.yml.disabled index 6aec3b65ddaa..d8ab05a2f2ab 100644 --- a/x-pack/filebeat/modules.d/gsuite.yml.disabled +++ b/x-pack/filebeat/modules.d/gsuite.yml.disabled @@ -1,5 +1,5 @@ # Module: gsuite -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-gsuite.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-gsuite.html # Gsuite module is deprecated and will be removed in future releases. Please use Google Workspace module instead. - module: gsuite diff --git a/x-pack/filebeat/modules.d/ibmmq.yml.disabled b/x-pack/filebeat/modules.d/ibmmq.yml.disabled index bfaf3792db9c..81756450ccf7 100644 --- a/x-pack/filebeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/filebeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-ibmmq.html - module: ibmmq # All logs diff --git a/x-pack/filebeat/modules.d/imperva.yml.disabled b/x-pack/filebeat/modules.d/imperva.yml.disabled index 8e53deaa60a3..84fb7e2d5c9c 100644 --- a/x-pack/filebeat/modules.d/imperva.yml.disabled +++ b/x-pack/filebeat/modules.d/imperva.yml.disabled @@ -1,5 +1,5 @@ # Module: imperva -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-imperva.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-imperva.html - module: imperva securesphere: diff --git a/x-pack/filebeat/modules.d/infoblox.yml.disabled b/x-pack/filebeat/modules.d/infoblox.yml.disabled index 9e82f83401e8..b69aa819468e 100644 --- a/x-pack/filebeat/modules.d/infoblox.yml.disabled +++ b/x-pack/filebeat/modules.d/infoblox.yml.disabled @@ -1,5 +1,5 @@ # Module: infoblox -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-infoblox.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-infoblox.html - module: infoblox nios: diff --git a/x-pack/filebeat/modules.d/iptables.yml.disabled b/x-pack/filebeat/modules.d/iptables.yml.disabled index 1147e14dded1..52ae31d7fe07 100644 --- a/x-pack/filebeat/modules.d/iptables.yml.disabled +++ b/x-pack/filebeat/modules.d/iptables.yml.disabled @@ -1,5 +1,5 @@ # Module: iptables -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-iptables.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-iptables.html - module: iptables log: diff --git a/x-pack/filebeat/modules.d/juniper.yml.disabled b/x-pack/filebeat/modules.d/juniper.yml.disabled index 71112679db02..999b36e4e1d4 100644 --- a/x-pack/filebeat/modules.d/juniper.yml.disabled +++ b/x-pack/filebeat/modules.d/juniper.yml.disabled @@ -1,5 +1,5 @@ # Module: juniper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-juniper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-juniper.html - module: juniper junos: diff --git a/x-pack/filebeat/modules.d/microsoft.yml.disabled b/x-pack/filebeat/modules.d/microsoft.yml.disabled index f73c209386d2..28e65d7de7d8 100644 --- a/x-pack/filebeat/modules.d/microsoft.yml.disabled +++ b/x-pack/filebeat/modules.d/microsoft.yml.disabled @@ -1,5 +1,5 @@ # Module: microsoft -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-microsoft.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-microsoft.html - module: microsoft # ATP configuration diff --git a/x-pack/filebeat/modules.d/misp.yml.disabled b/x-pack/filebeat/modules.d/misp.yml.disabled index 9a489fa0f3dd..2980390d6571 100644 --- a/x-pack/filebeat/modules.d/misp.yml.disabled +++ b/x-pack/filebeat/modules.d/misp.yml.disabled @@ -1,5 +1,5 @@ # Module: misp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-misp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-misp.html - module: misp threat: diff --git a/x-pack/filebeat/modules.d/mssql.yml.disabled b/x-pack/filebeat/modules.d/mssql.yml.disabled index bfe4c6e64993..1c7507ca5983 100644 --- a/x-pack/filebeat/modules.d/mssql.yml.disabled +++ b/x-pack/filebeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mssql.html - module: mssql # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled index 37e10d0eb734..69da526281e6 100644 --- a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled +++ b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: mysqlenterprise -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mysqlenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mysqlenterprise.html - module: mysqlenterprise audit: diff --git a/x-pack/filebeat/modules.d/netflow.yml.disabled b/x-pack/filebeat/modules.d/netflow.yml.disabled index 781748b00e05..64469e67ca85 100644 --- a/x-pack/filebeat/modules.d/netflow.yml.disabled +++ b/x-pack/filebeat/modules.d/netflow.yml.disabled @@ -1,5 +1,5 @@ # Module: netflow -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-netflow.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-netflow.html - module: netflow log: diff --git a/x-pack/filebeat/modules.d/netscout.yml.disabled b/x-pack/filebeat/modules.d/netscout.yml.disabled index 2153490464a8..f4a14ba30e5f 100644 --- a/x-pack/filebeat/modules.d/netscout.yml.disabled +++ b/x-pack/filebeat/modules.d/netscout.yml.disabled @@ -1,5 +1,5 @@ # Module: netscout -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-netscout.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-netscout.html - module: netscout sightline: diff --git a/x-pack/filebeat/modules.d/o365.yml.disabled b/x-pack/filebeat/modules.d/o365.yml.disabled index 578ff365df70..f15fa09040ed 100644 --- a/x-pack/filebeat/modules.d/o365.yml.disabled +++ b/x-pack/filebeat/modules.d/o365.yml.disabled @@ -1,5 +1,5 @@ # Module: o365 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-o365.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-o365.html - module: o365 audit: diff --git a/x-pack/filebeat/modules.d/okta.yml.disabled b/x-pack/filebeat/modules.d/okta.yml.disabled index 4fc94359267e..0038d04aa881 100644 --- a/x-pack/filebeat/modules.d/okta.yml.disabled +++ b/x-pack/filebeat/modules.d/okta.yml.disabled @@ -1,5 +1,5 @@ # Module: okta -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-okta.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-okta.html - module: okta system: diff --git a/x-pack/filebeat/modules.d/oracle.yml.disabled b/x-pack/filebeat/modules.d/oracle.yml.disabled index 3bd576ee1bbd..b7cdd6ea7abe 100644 --- a/x-pack/filebeat/modules.d/oracle.yml.disabled +++ b/x-pack/filebeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-oracle.html - module: oracle database_audit: diff --git a/x-pack/filebeat/modules.d/panw.yml.disabled b/x-pack/filebeat/modules.d/panw.yml.disabled index eb094a25a619..46d4bdc4a934 100644 --- a/x-pack/filebeat/modules.d/panw.yml.disabled +++ b/x-pack/filebeat/modules.d/panw.yml.disabled @@ -1,5 +1,5 @@ # Module: panw -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-panw.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-panw.html - module: panw panos: diff --git a/x-pack/filebeat/modules.d/proofpoint.yml.disabled b/x-pack/filebeat/modules.d/proofpoint.yml.disabled index 9aeebd5fe29d..cb5952fb8caa 100644 --- a/x-pack/filebeat/modules.d/proofpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/proofpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: proofpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-proofpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-proofpoint.html - module: proofpoint emailsecurity: diff --git a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled index e61a0a0c91af..b5071e1a6bd5 100644 --- a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled +++ b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-rabbitmq.html - module: rabbitmq # All logs diff --git a/x-pack/filebeat/modules.d/radware.yml.disabled b/x-pack/filebeat/modules.d/radware.yml.disabled index f9ab3e519df3..d6a831a48cbb 100644 --- a/x-pack/filebeat/modules.d/radware.yml.disabled +++ b/x-pack/filebeat/modules.d/radware.yml.disabled @@ -1,5 +1,5 @@ # Module: radware -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-radware.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-radware.html - module: radware defensepro: diff --git a/x-pack/filebeat/modules.d/snort.yml.disabled b/x-pack/filebeat/modules.d/snort.yml.disabled index 8c9bcc471429..6cffa6d4e108 100644 --- a/x-pack/filebeat/modules.d/snort.yml.disabled +++ b/x-pack/filebeat/modules.d/snort.yml.disabled @@ -1,5 +1,5 @@ # Module: snort -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-snort.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-snort.html - module: snort log: diff --git a/x-pack/filebeat/modules.d/snyk.yml.disabled b/x-pack/filebeat/modules.d/snyk.yml.disabled index 0b13f815517c..709cf3456c3c 100644 --- a/x-pack/filebeat/modules.d/snyk.yml.disabled +++ b/x-pack/filebeat/modules.d/snyk.yml.disabled @@ -1,5 +1,5 @@ # Module: snyk -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-snyk.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-snyk.html - module: snyk audit: diff --git a/x-pack/filebeat/modules.d/sonicwall.yml.disabled b/x-pack/filebeat/modules.d/sonicwall.yml.disabled index de457109d0bb..45fd076565c1 100644 --- a/x-pack/filebeat/modules.d/sonicwall.yml.disabled +++ b/x-pack/filebeat/modules.d/sonicwall.yml.disabled @@ -1,5 +1,5 @@ # Module: sonicwall -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-sonicwall.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-sonicwall.html - module: sonicwall firewall: diff --git a/x-pack/filebeat/modules.d/sophos.yml.disabled b/x-pack/filebeat/modules.d/sophos.yml.disabled index 8fc346540c0b..90b1c8f37a20 100644 --- a/x-pack/filebeat/modules.d/sophos.yml.disabled +++ b/x-pack/filebeat/modules.d/sophos.yml.disabled @@ -1,5 +1,5 @@ # Module: sophos -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-sophos.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-sophos.html - module: sophos xg: diff --git a/x-pack/filebeat/modules.d/squid.yml.disabled b/x-pack/filebeat/modules.d/squid.yml.disabled index a47807253ad0..16f238a3f7de 100644 --- a/x-pack/filebeat/modules.d/squid.yml.disabled +++ b/x-pack/filebeat/modules.d/squid.yml.disabled @@ -1,5 +1,5 @@ # Module: squid -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-squid.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-squid.html - module: squid log: diff --git a/x-pack/filebeat/modules.d/suricata.yml.disabled b/x-pack/filebeat/modules.d/suricata.yml.disabled index 1edd3f832917..f156730e2bad 100644 --- a/x-pack/filebeat/modules.d/suricata.yml.disabled +++ b/x-pack/filebeat/modules.d/suricata.yml.disabled @@ -1,5 +1,5 @@ # Module: suricata -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-suricata.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-suricata.html - module: suricata # All logs diff --git a/x-pack/filebeat/modules.d/threatintel.yml.disabled b/x-pack/filebeat/modules.d/threatintel.yml.disabled index e64e05a81f73..f4b80966eeba 100644 --- a/x-pack/filebeat/modules.d/threatintel.yml.disabled +++ b/x-pack/filebeat/modules.d/threatintel.yml.disabled @@ -1,5 +1,5 @@ # Module: threatintel -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-threatintel.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-threatintel.html - module: threatintel abuseurl: diff --git a/x-pack/filebeat/modules.d/tomcat.yml.disabled b/x-pack/filebeat/modules.d/tomcat.yml.disabled index 84f4619d5b56..bc2c05566317 100644 --- a/x-pack/filebeat/modules.d/tomcat.yml.disabled +++ b/x-pack/filebeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-tomcat.html - module: tomcat log: diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 8595f0d21692..8b0eb4647a84 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -1,5 +1,5 @@ # Module: zeek -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-zeek.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-zeek.html - module: zeek capture_loss: diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled index 15fa9d4b23cf..b9b495aa9942 100644 --- a/x-pack/filebeat/modules.d/zoom.yml.disabled +++ b/x-pack/filebeat/modules.d/zoom.yml.disabled @@ -1,5 +1,5 @@ # Module: zoom -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-zoom.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-zoom.html - module: zoom webhook: diff --git a/x-pack/filebeat/modules.d/zscaler.yml.disabled b/x-pack/filebeat/modules.d/zscaler.yml.disabled index accdec9ead94..af5a6d0ebddf 100644 --- a/x-pack/filebeat/modules.d/zscaler.yml.disabled +++ b/x-pack/filebeat/modules.d/zscaler.yml.disabled @@ -1,5 +1,5 @@ # Module: zscaler -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-zscaler.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-zscaler.html - module: zscaler zia: diff --git a/x-pack/metricbeat/modules.d/activemq.yml.disabled b/x-pack/metricbeat/modules.d/activemq.yml.disabled index 16756a9c40c7..90cbed5a82da 100644 --- a/x-pack/metricbeat/modules.d/activemq.yml.disabled +++ b/x-pack/metricbeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-activemq.html - module: activemq metricsets: ['broker', 'queue', 'topic'] diff --git a/x-pack/metricbeat/modules.d/appsearch.yml.disabled b/x-pack/metricbeat/modules.d/appsearch.yml.disabled index 829a37153585..4caccf4f49d6 100644 --- a/x-pack/metricbeat/modules.d/appsearch.yml.disabled +++ b/x-pack/metricbeat/modules.d/appsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: appsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-appsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-appsearch.html - module: appsearch metricsets: ["stats"] diff --git a/x-pack/metricbeat/modules.d/aws.yml.disabled b/x-pack/metricbeat/modules.d/aws.yml.disabled index ffcf68887ec3..3a6f181993fc 100644 --- a/x-pack/metricbeat/modules.d/aws.yml.disabled +++ b/x-pack/metricbeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-aws.html - module: aws period: 1m diff --git a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled index ba9aba8f9cfa..a596c81263aa 100644 --- a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-awsfargate.html - module: awsfargate period: 10s diff --git a/x-pack/metricbeat/modules.d/azure.yml.disabled b/x-pack/metricbeat/modules.d/azure.yml.disabled index 7020c46eb2dc..fd55c2899c99 100644 --- a/x-pack/metricbeat/modules.d/azure.yml.disabled +++ b/x-pack/metricbeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-azure.html - module: azure metricsets: diff --git a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled index c3e1d25ac338..a0e89ecc990c 100644 --- a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled +++ b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled @@ -1,5 +1,5 @@ # Module: cloudfoundry -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-cloudfoundry.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-cloudfoundry.html - module: cloudfoundry metricsets: diff --git a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled index 5c55bd9c3eb7..36e6633d005e 100644 --- a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled +++ b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled @@ -1,5 +1,5 @@ # Module: cockroachdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-cockroachdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-cockroachdb.html - module: cockroachdb metricsets: ['status'] diff --git a/x-pack/metricbeat/modules.d/coredns.yml.disabled b/x-pack/metricbeat/modules.d/coredns.yml.disabled index 098aa97d321c..b6231a03eb84 100644 --- a/x-pack/metricbeat/modules.d/coredns.yml.disabled +++ b/x-pack/metricbeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-coredns.html - module: coredns metricsets: ["stats"] diff --git a/x-pack/metricbeat/modules.d/gcp.yml.disabled b/x-pack/metricbeat/modules.d/gcp.yml.disabled index 5ded23530d8c..50ad7d381b1d 100644 --- a/x-pack/metricbeat/modules.d/gcp.yml.disabled +++ b/x-pack/metricbeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-gcp.html - module: gcp metricsets: diff --git a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled index f26e218d0bfd..edcbb811c79c 100644 --- a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-ibmmq.html - module: ibmmq metricsets: ['qmgr'] diff --git a/x-pack/metricbeat/modules.d/iis.yml.disabled b/x-pack/metricbeat/modules.d/iis.yml.disabled index 476c6a43b2d9..f638e5d7f768 100644 --- a/x-pack/metricbeat/modules.d/iis.yml.disabled +++ b/x-pack/metricbeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-iis.html - module: iis metricsets: diff --git a/x-pack/metricbeat/modules.d/istio.yml.disabled b/x-pack/metricbeat/modules.d/istio.yml.disabled index 1487503a204f..4b2aa044c28b 100644 --- a/x-pack/metricbeat/modules.d/istio.yml.disabled +++ b/x-pack/metricbeat/modules.d/istio.yml.disabled @@ -1,5 +1,5 @@ # Module: istio -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-istio.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-istio.html # Istio mesh. To collect all Mixer-generated metrics - module: istio diff --git a/x-pack/metricbeat/modules.d/mssql.yml.disabled b/x-pack/metricbeat/modules.d/mssql.yml.disabled index e6cd92d22d51..a112c7bbc48b 100644 --- a/x-pack/metricbeat/modules.d/mssql.yml.disabled +++ b/x-pack/metricbeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-mssql.html - module: mssql metricsets: diff --git a/x-pack/metricbeat/modules.d/openmetrics.yml.disabled b/x-pack/metricbeat/modules.d/openmetrics.yml.disabled index 253123160014..a0b0a507df8c 100644 --- a/x-pack/metricbeat/modules.d/openmetrics.yml.disabled +++ b/x-pack/metricbeat/modules.d/openmetrics.yml.disabled @@ -1,5 +1,5 @@ # Module: openmetrics -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-openmetrics.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-openmetrics.html - module: openmetrics metricsets: ['collector'] diff --git a/x-pack/metricbeat/modules.d/oracle.yml.disabled b/x-pack/metricbeat/modules.d/oracle.yml.disabled index 46207ba0ae43..3216b2a28bac 100644 --- a/x-pack/metricbeat/modules.d/oracle.yml.disabled +++ b/x-pack/metricbeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-oracle.html - module: oracle metricsets: ["tablespace", "performance"] diff --git a/x-pack/metricbeat/modules.d/prometheus.yml.disabled b/x-pack/metricbeat/modules.d/prometheus.yml.disabled index fbd6905d44a2..f1e4389de213 100644 --- a/x-pack/metricbeat/modules.d/prometheus.yml.disabled +++ b/x-pack/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-prometheus.html - module: prometheus period: 10s diff --git a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled index 81849192c981..d1562b6ac26f 100644 --- a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled +++ b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: redisenterprise -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-redisenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-redisenterprise.html - module: redisenterprise metricsets: diff --git a/x-pack/metricbeat/modules.d/sql.yml.disabled b/x-pack/metricbeat/modules.d/sql.yml.disabled index 0c2597f31c63..cd368fc16465 100644 --- a/x-pack/metricbeat/modules.d/sql.yml.disabled +++ b/x-pack/metricbeat/modules.d/sql.yml.disabled @@ -1,5 +1,5 @@ # Module: sql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-sql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-sql.html - module: sql metricsets: diff --git a/x-pack/metricbeat/modules.d/stan.yml.disabled b/x-pack/metricbeat/modules.d/stan.yml.disabled index 572b418a155f..2e52baae9c29 100644 --- a/x-pack/metricbeat/modules.d/stan.yml.disabled +++ b/x-pack/metricbeat/modules.d/stan.yml.disabled @@ -1,5 +1,5 @@ # Module: stan -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-stan.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-stan.html - module: stan metricsets: ["stats", "subscriptions", "channels"] diff --git a/x-pack/metricbeat/modules.d/statsd.yml.disabled b/x-pack/metricbeat/modules.d/statsd.yml.disabled index 6cf8c68ab2d0..39d1a76b7850 100644 --- a/x-pack/metricbeat/modules.d/statsd.yml.disabled +++ b/x-pack/metricbeat/modules.d/statsd.yml.disabled @@ -1,5 +1,5 @@ # Module: statsd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-statsd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-statsd.html - module: statsd host: "localhost" diff --git a/x-pack/metricbeat/modules.d/tomcat.yml.disabled b/x-pack/metricbeat/modules.d/tomcat.yml.disabled index 233eaa747959..7bb0edbbc5e2 100644 --- a/x-pack/metricbeat/modules.d/tomcat.yml.disabled +++ b/x-pack/metricbeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-tomcat.html - module: tomcat metricsets: ['threading', 'cache', 'memory', 'requests'] From 68f2600f665992f2b6e78b03d2bed0f4330d7940 Mon Sep 17 00:00:00 2001 From: elasticmachine Date: Wed, 21 Apr 2021 05:41:17 +0000 Subject: [PATCH 2/4] chore: update test environment --- testing/environments/snapshot-oss.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testing/environments/snapshot-oss.yml b/testing/environments/snapshot-oss.yml index 6691044e03fd..19758bf474c2 100644 --- a/testing/environments/snapshot-oss.yml +++ b/testing/environments/snapshot-oss.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.12.0-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.13.0-SNAPSHOT healthcheck: test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] retries: 300 @@ -15,7 +15,7 @@ services: - "http.host=0.0.0.0" logstash: - image: docker.elastic.co/logstash/logstash-oss:7.12.0-SNAPSHOT + image: docker.elastic.co/logstash/logstash-oss:7.13.0-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -25,7 +25,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana-oss:7.12.0-SNAPSHOT + image: docker.elastic.co/kibana/kibana-oss:7.13.0-SNAPSHOT healthcheck: test: ["CMD-SHELL", "curl -s http://localhost:5601/api/status | grep -q 'Looking good'"] retries: 600 From d99a4460fc2cc7d9257c71f708f272538efcf582 Mon Sep 17 00:00:00 2001 From: elasticmachine Date: Wed, 21 Apr 2021 05:48:55 +0000 Subject: [PATCH 3/4] fix: make update changes --- deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml | 2 +- deploy/kubernetes/heartbeat-kubernetes.yaml | 2 +- filebeat/modules.d/apache.yml.disabled | 2 +- filebeat/modules.d/auditd.yml.disabled | 2 +- filebeat/modules.d/elasticsearch.yml.disabled | 2 +- filebeat/modules.d/haproxy.yml.disabled | 2 +- filebeat/modules.d/icinga.yml.disabled | 2 +- filebeat/modules.d/iis.yml.disabled | 2 +- filebeat/modules.d/kafka.yml.disabled | 2 +- filebeat/modules.d/kibana.yml.disabled | 2 +- filebeat/modules.d/logstash.yml.disabled | 2 +- filebeat/modules.d/mongodb.yml.disabled | 2 +- filebeat/modules.d/mysql.yml.disabled | 2 +- filebeat/modules.d/nats.yml.disabled | 2 +- filebeat/modules.d/nginx.yml.disabled | 2 +- filebeat/modules.d/osquery.yml.disabled | 2 +- filebeat/modules.d/pensando.yml.disabled | 2 +- filebeat/modules.d/postgresql.yml.disabled | 2 +- filebeat/modules.d/redis.yml.disabled | 2 +- filebeat/modules.d/santa.yml.disabled | 2 +- filebeat/modules.d/system.yml.disabled | 2 +- filebeat/modules.d/traefik.yml.disabled | 2 +- metricbeat/modules.d/aerospike.yml.disabled | 2 +- metricbeat/modules.d/apache.yml.disabled | 2 +- metricbeat/modules.d/beat-xpack.yml.disabled | 2 +- metricbeat/modules.d/beat.yml.disabled | 2 +- metricbeat/modules.d/ceph-mgr.yml.disabled | 2 +- metricbeat/modules.d/ceph.yml.disabled | 2 +- metricbeat/modules.d/consul.yml.disabled | 2 +- metricbeat/modules.d/couchbase.yml.disabled | 2 +- metricbeat/modules.d/couchdb.yml.disabled | 2 +- metricbeat/modules.d/docker.yml.disabled | 2 +- metricbeat/modules.d/dropwizard.yml.disabled | 2 +- metricbeat/modules.d/elasticsearch-xpack.yml.disabled | 2 +- metricbeat/modules.d/elasticsearch.yml.disabled | 2 +- metricbeat/modules.d/envoyproxy.yml.disabled | 2 +- metricbeat/modules.d/etcd.yml.disabled | 2 +- metricbeat/modules.d/golang.yml.disabled | 2 +- metricbeat/modules.d/graphite.yml.disabled | 2 +- metricbeat/modules.d/haproxy.yml.disabled | 2 +- metricbeat/modules.d/http.yml.disabled | 2 +- metricbeat/modules.d/jolokia.yml.disabled | 2 +- metricbeat/modules.d/kafka.yml.disabled | 2 +- metricbeat/modules.d/kibana-xpack.yml.disabled | 2 +- metricbeat/modules.d/kibana.yml.disabled | 2 +- metricbeat/modules.d/kubernetes.yml.disabled | 2 +- metricbeat/modules.d/kvm.yml.disabled | 2 +- metricbeat/modules.d/linux.yml.disabled | 2 +- metricbeat/modules.d/logstash-xpack.yml.disabled | 2 +- metricbeat/modules.d/logstash.yml.disabled | 2 +- metricbeat/modules.d/memcached.yml.disabled | 2 +- metricbeat/modules.d/mongodb.yml.disabled | 2 +- metricbeat/modules.d/munin.yml.disabled | 2 +- metricbeat/modules.d/mysql.yml.disabled | 2 +- metricbeat/modules.d/nats.yml.disabled | 2 +- metricbeat/modules.d/nginx.yml.disabled | 2 +- metricbeat/modules.d/php_fpm.yml.disabled | 2 +- metricbeat/modules.d/postgresql.yml.disabled | 2 +- metricbeat/modules.d/prometheus.yml.disabled | 2 +- metricbeat/modules.d/rabbitmq.yml.disabled | 2 +- metricbeat/modules.d/redis.yml.disabled | 2 +- metricbeat/modules.d/system.yml | 2 +- metricbeat/modules.d/traefik.yml.disabled | 2 +- metricbeat/modules.d/uwsgi.yml.disabled | 2 +- metricbeat/modules.d/vsphere.yml.disabled | 2 +- metricbeat/modules.d/windows.yml.disabled | 2 +- metricbeat/modules.d/zookeeper.yml.disabled | 2 +- x-pack/filebeat/modules.d/activemq.yml.disabled | 2 +- x-pack/filebeat/modules.d/aws.yml.disabled | 2 +- x-pack/filebeat/modules.d/awsfargate.yml.disabled | 2 +- x-pack/filebeat/modules.d/azure.yml.disabled | 2 +- x-pack/filebeat/modules.d/barracuda.yml.disabled | 2 +- x-pack/filebeat/modules.d/bluecoat.yml.disabled | 2 +- x-pack/filebeat/modules.d/cef.yml.disabled | 2 +- x-pack/filebeat/modules.d/checkpoint.yml.disabled | 2 +- x-pack/filebeat/modules.d/cisco.yml.disabled | 2 +- x-pack/filebeat/modules.d/coredns.yml.disabled | 2 +- x-pack/filebeat/modules.d/crowdstrike.yml.disabled | 2 +- x-pack/filebeat/modules.d/cyberark.yml.disabled | 2 +- x-pack/filebeat/modules.d/cyberarkpas.yml.disabled | 2 +- x-pack/filebeat/modules.d/cylance.yml.disabled | 2 +- x-pack/filebeat/modules.d/envoyproxy.yml.disabled | 2 +- x-pack/filebeat/modules.d/f5.yml.disabled | 2 +- x-pack/filebeat/modules.d/fortinet.yml.disabled | 2 +- x-pack/filebeat/modules.d/gcp.yml.disabled | 2 +- x-pack/filebeat/modules.d/google_workspace.yml.disabled | 2 +- x-pack/filebeat/modules.d/googlecloud.yml.disabled | 2 +- x-pack/filebeat/modules.d/gsuite.yml.disabled | 2 +- x-pack/filebeat/modules.d/ibmmq.yml.disabled | 2 +- x-pack/filebeat/modules.d/imperva.yml.disabled | 2 +- x-pack/filebeat/modules.d/infoblox.yml.disabled | 2 +- x-pack/filebeat/modules.d/iptables.yml.disabled | 2 +- x-pack/filebeat/modules.d/juniper.yml.disabled | 2 +- x-pack/filebeat/modules.d/microsoft.yml.disabled | 2 +- x-pack/filebeat/modules.d/misp.yml.disabled | 2 +- x-pack/filebeat/modules.d/mssql.yml.disabled | 2 +- x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled | 2 +- x-pack/filebeat/modules.d/netflow.yml.disabled | 2 +- x-pack/filebeat/modules.d/netscout.yml.disabled | 2 +- x-pack/filebeat/modules.d/o365.yml.disabled | 2 +- x-pack/filebeat/modules.d/okta.yml.disabled | 2 +- x-pack/filebeat/modules.d/oracle.yml.disabled | 2 +- x-pack/filebeat/modules.d/panw.yml.disabled | 2 +- x-pack/filebeat/modules.d/proofpoint.yml.disabled | 2 +- x-pack/filebeat/modules.d/rabbitmq.yml.disabled | 2 +- x-pack/filebeat/modules.d/radware.yml.disabled | 2 +- x-pack/filebeat/modules.d/snort.yml.disabled | 2 +- x-pack/filebeat/modules.d/snyk.yml.disabled | 2 +- x-pack/filebeat/modules.d/sonicwall.yml.disabled | 2 +- x-pack/filebeat/modules.d/sophos.yml.disabled | 2 +- x-pack/filebeat/modules.d/squid.yml.disabled | 2 +- x-pack/filebeat/modules.d/suricata.yml.disabled | 2 +- x-pack/filebeat/modules.d/threatintel.yml.disabled | 2 +- x-pack/filebeat/modules.d/tomcat.yml.disabled | 2 +- x-pack/filebeat/modules.d/zeek.yml.disabled | 2 +- x-pack/filebeat/modules.d/zoom.yml.disabled | 2 +- x-pack/filebeat/modules.d/zscaler.yml.disabled | 2 +- x-pack/metricbeat/modules.d/activemq.yml.disabled | 2 +- x-pack/metricbeat/modules.d/appsearch.yml.disabled | 2 +- x-pack/metricbeat/modules.d/aws.yml.disabled | 2 +- x-pack/metricbeat/modules.d/awsfargate.yml.disabled | 2 +- x-pack/metricbeat/modules.d/azure.yml.disabled | 2 +- x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled | 2 +- x-pack/metricbeat/modules.d/cockroachdb.yml.disabled | 2 +- x-pack/metricbeat/modules.d/coredns.yml.disabled | 2 +- x-pack/metricbeat/modules.d/gcp.yml.disabled | 2 +- x-pack/metricbeat/modules.d/ibmmq.yml.disabled | 2 +- x-pack/metricbeat/modules.d/iis.yml.disabled | 2 +- x-pack/metricbeat/modules.d/istio.yml.disabled | 2 +- x-pack/metricbeat/modules.d/mssql.yml.disabled | 2 +- x-pack/metricbeat/modules.d/openmetrics.yml.disabled | 2 +- x-pack/metricbeat/modules.d/oracle.yml.disabled | 2 +- x-pack/metricbeat/modules.d/prometheus.yml.disabled | 2 +- x-pack/metricbeat/modules.d/redisenterprise.yml.disabled | 2 +- x-pack/metricbeat/modules.d/sql.yml.disabled | 2 +- x-pack/metricbeat/modules.d/stan.yml.disabled | 2 +- x-pack/metricbeat/modules.d/statsd.yml.disabled | 2 +- x-pack/metricbeat/modules.d/tomcat.yml.disabled | 2 +- 138 files changed, 138 insertions(+), 138 deletions(-) diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml index 78a9552a78e4..71b0b0e5fe78 100644 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml @@ -458,7 +458,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:7.11.0 + image: docker.elastic.co/beats/elastic-agent:7.13.0 args: [ "-c", "/etc/agent.yml", "-e", diff --git a/deploy/kubernetes/heartbeat-kubernetes.yaml b/deploy/kubernetes/heartbeat-kubernetes.yaml index b516725b2465..146e1f6c816e 100644 --- a/deploy/kubernetes/heartbeat-kubernetes.yaml +++ b/deploy/kubernetes/heartbeat-kubernetes.yaml @@ -74,7 +74,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: heartbeat - image: docker.elastic.co/beats/heartbeat:7.11.0 + image: docker.elastic.co/beats/heartbeat:7.13.0 args: [ "-c", "/etc/heartbeat.yml", "-e", diff --git a/filebeat/modules.d/apache.yml.disabled b/filebeat/modules.d/apache.yml.disabled index aee05dd99a71..b923dd581257 100644 --- a/filebeat/modules.d/apache.yml.disabled +++ b/filebeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-apache.html - module: apache # Access logs diff --git a/filebeat/modules.d/auditd.yml.disabled b/filebeat/modules.d/auditd.yml.disabled index 4153dfa34954..76296ec8514a 100644 --- a/filebeat/modules.d/auditd.yml.disabled +++ b/filebeat/modules.d/auditd.yml.disabled @@ -1,5 +1,5 @@ # Module: auditd -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-auditd.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-auditd.html - module: auditd log: diff --git a/filebeat/modules.d/elasticsearch.yml.disabled b/filebeat/modules.d/elasticsearch.yml.disabled index 145a93b9c01e..e6074c05e36e 100644 --- a/filebeat/modules.d/elasticsearch.yml.disabled +++ b/filebeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-elasticsearch.html - module: elasticsearch # Server log diff --git a/filebeat/modules.d/haproxy.yml.disabled b/filebeat/modules.d/haproxy.yml.disabled index 02870049e8cb..b2615dbb8f70 100644 --- a/filebeat/modules.d/haproxy.yml.disabled +++ b/filebeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-haproxy.html - module: haproxy # All logs diff --git a/filebeat/modules.d/icinga.yml.disabled b/filebeat/modules.d/icinga.yml.disabled index def5e7846134..a7c3ac6e1963 100644 --- a/filebeat/modules.d/icinga.yml.disabled +++ b/filebeat/modules.d/icinga.yml.disabled @@ -1,5 +1,5 @@ # Module: icinga -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-icinga.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-icinga.html - module: icinga # Main logs diff --git a/filebeat/modules.d/iis.yml.disabled b/filebeat/modules.d/iis.yml.disabled index 4d34270b4e5a..44c200ba18c1 100644 --- a/filebeat/modules.d/iis.yml.disabled +++ b/filebeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-iis.html - module: iis # Access logs diff --git a/filebeat/modules.d/kafka.yml.disabled b/filebeat/modules.d/kafka.yml.disabled index eaa6f054d8ae..23362c8a1e2d 100644 --- a/filebeat/modules.d/kafka.yml.disabled +++ b/filebeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-kafka.html - module: kafka # All logs diff --git a/filebeat/modules.d/kibana.yml.disabled b/filebeat/modules.d/kibana.yml.disabled index 6866d2004aa3..a4956c4b65a5 100644 --- a/filebeat/modules.d/kibana.yml.disabled +++ b/filebeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-kibana.html - module: kibana # Server logs diff --git a/filebeat/modules.d/logstash.yml.disabled b/filebeat/modules.d/logstash.yml.disabled index 155121b433b1..f14229409b66 100644 --- a/filebeat/modules.d/logstash.yml.disabled +++ b/filebeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-logstash.html - module: logstash # logs diff --git a/filebeat/modules.d/mongodb.yml.disabled b/filebeat/modules.d/mongodb.yml.disabled index 6c90e2166eeb..266d2e4e8dc2 100644 --- a/filebeat/modules.d/mongodb.yml.disabled +++ b/filebeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mongodb.html - module: mongodb # All logs diff --git a/filebeat/modules.d/mysql.yml.disabled b/filebeat/modules.d/mysql.yml.disabled index eda7e6b54278..e6be4045b10f 100644 --- a/filebeat/modules.d/mysql.yml.disabled +++ b/filebeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mysql.html - module: mysql # Error logs diff --git a/filebeat/modules.d/nats.yml.disabled b/filebeat/modules.d/nats.yml.disabled index 2fea7c6ee0ae..65e44962d7ee 100644 --- a/filebeat/modules.d/nats.yml.disabled +++ b/filebeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-nats.html - module: nats # All logs diff --git a/filebeat/modules.d/nginx.yml.disabled b/filebeat/modules.d/nginx.yml.disabled index 59ced64c312d..e2fa44a782f3 100644 --- a/filebeat/modules.d/nginx.yml.disabled +++ b/filebeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-nginx.html - module: nginx # Access logs diff --git a/filebeat/modules.d/osquery.yml.disabled b/filebeat/modules.d/osquery.yml.disabled index cbc05dc2ec3f..7a9a09dd8d5f 100644 --- a/filebeat/modules.d/osquery.yml.disabled +++ b/filebeat/modules.d/osquery.yml.disabled @@ -1,5 +1,5 @@ # Module: osquery -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-osquery.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-osquery.html - module: osquery result: diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled index 2429972c0727..66bd60d76d05 100644 --- a/filebeat/modules.d/pensando.yml.disabled +++ b/filebeat/modules.d/pensando.yml.disabled @@ -1,5 +1,5 @@ # Module: pensando -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-pensando.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-pensando.html - module: pensando # Firewall logs diff --git a/filebeat/modules.d/postgresql.yml.disabled b/filebeat/modules.d/postgresql.yml.disabled index 180407f4761e..804b7f34f854 100644 --- a/filebeat/modules.d/postgresql.yml.disabled +++ b/filebeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-postgresql.html - module: postgresql # All logs diff --git a/filebeat/modules.d/redis.yml.disabled b/filebeat/modules.d/redis.yml.disabled index 5da2c48b0b7f..9b621dc2d28a 100644 --- a/filebeat/modules.d/redis.yml.disabled +++ b/filebeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-redis.html - module: redis # Main logs diff --git a/filebeat/modules.d/santa.yml.disabled b/filebeat/modules.d/santa.yml.disabled index a31aa7230373..1a7363547b15 100644 --- a/filebeat/modules.d/santa.yml.disabled +++ b/filebeat/modules.d/santa.yml.disabled @@ -1,5 +1,5 @@ # Module: santa -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-santa.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-santa.html - module: santa log: diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index 07890b98256a..d633bac043af 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-system.html - module: system # Syslog diff --git a/filebeat/modules.d/traefik.yml.disabled b/filebeat/modules.d/traefik.yml.disabled index ef5137d26e04..657d5ccd9297 100644 --- a/filebeat/modules.d/traefik.yml.disabled +++ b/filebeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-traefik.html - module: traefik # Access logs diff --git a/metricbeat/modules.d/aerospike.yml.disabled b/metricbeat/modules.d/aerospike.yml.disabled index 1b8cb860b2f6..52fbcff13ede 100644 --- a/metricbeat/modules.d/aerospike.yml.disabled +++ b/metricbeat/modules.d/aerospike.yml.disabled @@ -1,5 +1,5 @@ # Module: aerospike -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-aerospike.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-aerospike.html - module: aerospike #metricsets: diff --git a/metricbeat/modules.d/apache.yml.disabled b/metricbeat/modules.d/apache.yml.disabled index 77e0b262d398..179681ed9ff6 100644 --- a/metricbeat/modules.d/apache.yml.disabled +++ b/metricbeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-apache.html - module: apache #metricsets: diff --git a/metricbeat/modules.d/beat-xpack.yml.disabled b/metricbeat/modules.d/beat-xpack.yml.disabled index 1f2bcb6236fb..2cfd6b70cd8c 100644 --- a/metricbeat/modules.d/beat-xpack.yml.disabled +++ b/metricbeat/modules.d/beat-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-beat.html - module: beat xpack.enabled: true diff --git a/metricbeat/modules.d/beat.yml.disabled b/metricbeat/modules.d/beat.yml.disabled index fc07d58782fe..cdd8419af46f 100644 --- a/metricbeat/modules.d/beat.yml.disabled +++ b/metricbeat/modules.d/beat.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-beat.html - module: beat metricsets: diff --git a/metricbeat/modules.d/ceph-mgr.yml.disabled b/metricbeat/modules.d/ceph-mgr.yml.disabled index 388437ea9fa9..b8da102d0064 100644 --- a/metricbeat/modules.d/ceph-mgr.yml.disabled +++ b/metricbeat/modules.d/ceph-mgr.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-ceph.html - module: ceph metricsets: diff --git a/metricbeat/modules.d/ceph.yml.disabled b/metricbeat/modules.d/ceph.yml.disabled index 3c740ad7280d..7461623af7f0 100644 --- a/metricbeat/modules.d/ceph.yml.disabled +++ b/metricbeat/modules.d/ceph.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-ceph.html - module: ceph #metricsets: diff --git a/metricbeat/modules.d/consul.yml.disabled b/metricbeat/modules.d/consul.yml.disabled index 34da53c07059..6b8cad229888 100644 --- a/metricbeat/modules.d/consul.yml.disabled +++ b/metricbeat/modules.d/consul.yml.disabled @@ -1,5 +1,5 @@ # Module: consul -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-consul.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-consul.html - module: consul metricsets: diff --git a/metricbeat/modules.d/couchbase.yml.disabled b/metricbeat/modules.d/couchbase.yml.disabled index 32ccfd79b2f3..707eb31421d7 100644 --- a/metricbeat/modules.d/couchbase.yml.disabled +++ b/metricbeat/modules.d/couchbase.yml.disabled @@ -1,5 +1,5 @@ # Module: couchbase -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-couchbase.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-couchbase.html - module: couchbase #metricsets: diff --git a/metricbeat/modules.d/couchdb.yml.disabled b/metricbeat/modules.d/couchdb.yml.disabled index ff53ffbda93d..5ae54506a868 100644 --- a/metricbeat/modules.d/couchdb.yml.disabled +++ b/metricbeat/modules.d/couchdb.yml.disabled @@ -1,5 +1,5 @@ # Module: couchdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-couchdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-couchdb.html - module: couchdb metricsets: ["server"] diff --git a/metricbeat/modules.d/docker.yml.disabled b/metricbeat/modules.d/docker.yml.disabled index db3b496b5317..7dbb97d4b78c 100644 --- a/metricbeat/modules.d/docker.yml.disabled +++ b/metricbeat/modules.d/docker.yml.disabled @@ -1,5 +1,5 @@ # Module: docker -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-docker.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-docker.html - module: docker #metricsets: diff --git a/metricbeat/modules.d/dropwizard.yml.disabled b/metricbeat/modules.d/dropwizard.yml.disabled index d090ca25f20f..cba8f09e324b 100644 --- a/metricbeat/modules.d/dropwizard.yml.disabled +++ b/metricbeat/modules.d/dropwizard.yml.disabled @@ -1,5 +1,5 @@ # Module: dropwizard -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-dropwizard.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-dropwizard.html - module: dropwizard #metricsets: diff --git a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled index b6f11e07bccc..bcf2a7f9fbbf 100644 --- a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled +++ b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-elasticsearch.html - module: elasticsearch xpack.enabled: true diff --git a/metricbeat/modules.d/elasticsearch.yml.disabled b/metricbeat/modules.d/elasticsearch.yml.disabled index 49a9d7aafdf0..217cc03be7d1 100644 --- a/metricbeat/modules.d/elasticsearch.yml.disabled +++ b/metricbeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-elasticsearch.html - module: elasticsearch #metricsets: diff --git a/metricbeat/modules.d/envoyproxy.yml.disabled b/metricbeat/modules.d/envoyproxy.yml.disabled index 87091ab914b7..7b806d7ea101 100644 --- a/metricbeat/modules.d/envoyproxy.yml.disabled +++ b/metricbeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-envoyproxy.html - module: envoyproxy #metricsets: diff --git a/metricbeat/modules.d/etcd.yml.disabled b/metricbeat/modules.d/etcd.yml.disabled index 67fbc1ad0551..566235380924 100644 --- a/metricbeat/modules.d/etcd.yml.disabled +++ b/metricbeat/modules.d/etcd.yml.disabled @@ -1,5 +1,5 @@ # Module: etcd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-etcd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-etcd.html - module: etcd #metricsets: diff --git a/metricbeat/modules.d/golang.yml.disabled b/metricbeat/modules.d/golang.yml.disabled index 12670c6df72d..91d082708eb7 100644 --- a/metricbeat/modules.d/golang.yml.disabled +++ b/metricbeat/modules.d/golang.yml.disabled @@ -1,5 +1,5 @@ # Module: golang -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-golang.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-golang.html - module: golang #metricsets: diff --git a/metricbeat/modules.d/graphite.yml.disabled b/metricbeat/modules.d/graphite.yml.disabled index c0694a951558..dcf32fb42695 100644 --- a/metricbeat/modules.d/graphite.yml.disabled +++ b/metricbeat/modules.d/graphite.yml.disabled @@ -1,5 +1,5 @@ # Module: graphite -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-graphite.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-graphite.html - module: graphite #metricsets: diff --git a/metricbeat/modules.d/haproxy.yml.disabled b/metricbeat/modules.d/haproxy.yml.disabled index 0d7ef47954c1..836d732e971a 100644 --- a/metricbeat/modules.d/haproxy.yml.disabled +++ b/metricbeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-haproxy.html - module: haproxy #metricsets: diff --git a/metricbeat/modules.d/http.yml.disabled b/metricbeat/modules.d/http.yml.disabled index b0e03e058b4b..8320a9506801 100644 --- a/metricbeat/modules.d/http.yml.disabled +++ b/metricbeat/modules.d/http.yml.disabled @@ -1,5 +1,5 @@ # Module: http -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-http.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-http.html - module: http #metricsets: diff --git a/metricbeat/modules.d/jolokia.yml.disabled b/metricbeat/modules.d/jolokia.yml.disabled index dc4bfc9a7539..9949e4c21eb9 100644 --- a/metricbeat/modules.d/jolokia.yml.disabled +++ b/metricbeat/modules.d/jolokia.yml.disabled @@ -1,5 +1,5 @@ # Module: jolokia -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-jolokia.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-jolokia.html - module: jolokia #metricsets: ["jmx"] diff --git a/metricbeat/modules.d/kafka.yml.disabled b/metricbeat/modules.d/kafka.yml.disabled index a733bed84eea..af51afd47ae5 100644 --- a/metricbeat/modules.d/kafka.yml.disabled +++ b/metricbeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kafka.html # Kafka metrics collected using the Kafka protocol - module: kafka diff --git a/metricbeat/modules.d/kibana-xpack.yml.disabled b/metricbeat/modules.d/kibana-xpack.yml.disabled index 8ddcf8d7a2eb..1e4216662b33 100644 --- a/metricbeat/modules.d/kibana-xpack.yml.disabled +++ b/metricbeat/modules.d/kibana-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kibana.html - module: kibana xpack.enabled: true diff --git a/metricbeat/modules.d/kibana.yml.disabled b/metricbeat/modules.d/kibana.yml.disabled index 3c7c6ec7a598..cc8e7771b400 100644 --- a/metricbeat/modules.d/kibana.yml.disabled +++ b/metricbeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kibana.html - module: kibana #metricsets: diff --git a/metricbeat/modules.d/kubernetes.yml.disabled b/metricbeat/modules.d/kubernetes.yml.disabled index 34e44d4b91b9..c0a660e41485 100644 --- a/metricbeat/modules.d/kubernetes.yml.disabled +++ b/metricbeat/modules.d/kubernetes.yml.disabled @@ -1,5 +1,5 @@ # Module: kubernetes -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kubernetes.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kubernetes.html # Node metrics, from kubelet: - module: kubernetes diff --git a/metricbeat/modules.d/kvm.yml.disabled b/metricbeat/modules.d/kvm.yml.disabled index 81c5d2d61541..86e8baab7002 100644 --- a/metricbeat/modules.d/kvm.yml.disabled +++ b/metricbeat/modules.d/kvm.yml.disabled @@ -1,5 +1,5 @@ # Module: kvm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-kvm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-kvm.html - module: kvm #metricsets: diff --git a/metricbeat/modules.d/linux.yml.disabled b/metricbeat/modules.d/linux.yml.disabled index 1efb0a542472..0fe778f4a5e2 100644 --- a/metricbeat/modules.d/linux.yml.disabled +++ b/metricbeat/modules.d/linux.yml.disabled @@ -1,5 +1,5 @@ # Module: linux -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-linux.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-linux.html - module: linux period: 10s diff --git a/metricbeat/modules.d/logstash-xpack.yml.disabled b/metricbeat/modules.d/logstash-xpack.yml.disabled index f6a1c84a51ef..4bdc6da1b79a 100644 --- a/metricbeat/modules.d/logstash-xpack.yml.disabled +++ b/metricbeat/modules.d/logstash-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-logstash.html - module: logstash xpack.enabled: true diff --git a/metricbeat/modules.d/logstash.yml.disabled b/metricbeat/modules.d/logstash.yml.disabled index cc4150642571..e10c9a98ab34 100644 --- a/metricbeat/modules.d/logstash.yml.disabled +++ b/metricbeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-logstash.html - module: logstash #metricsets: diff --git a/metricbeat/modules.d/memcached.yml.disabled b/metricbeat/modules.d/memcached.yml.disabled index 651eae2a70a2..2036bd6c1561 100644 --- a/metricbeat/modules.d/memcached.yml.disabled +++ b/metricbeat/modules.d/memcached.yml.disabled @@ -1,5 +1,5 @@ # Module: memcached -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-memcached.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-memcached.html - module: memcached # metricsets: ["stats"] diff --git a/metricbeat/modules.d/mongodb.yml.disabled b/metricbeat/modules.d/mongodb.yml.disabled index 085122998133..e0cf95f03776 100644 --- a/metricbeat/modules.d/mongodb.yml.disabled +++ b/metricbeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-mongodb.html - module: mongodb #metricsets: diff --git a/metricbeat/modules.d/munin.yml.disabled b/metricbeat/modules.d/munin.yml.disabled index b7aa19a5b3f2..a9c928c3631f 100644 --- a/metricbeat/modules.d/munin.yml.disabled +++ b/metricbeat/modules.d/munin.yml.disabled @@ -1,5 +1,5 @@ # Module: munin -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-munin.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-munin.html - module: munin #metricsets: diff --git a/metricbeat/modules.d/mysql.yml.disabled b/metricbeat/modules.d/mysql.yml.disabled index 2779235d3799..3d29ae8cde68 100644 --- a/metricbeat/modules.d/mysql.yml.disabled +++ b/metricbeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-mysql.html - module: mysql #metricsets: diff --git a/metricbeat/modules.d/nats.yml.disabled b/metricbeat/modules.d/nats.yml.disabled index 377b7397c90b..ae2ec32fc051 100644 --- a/metricbeat/modules.d/nats.yml.disabled +++ b/metricbeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-nats.html - module: nats metricsets: diff --git a/metricbeat/modules.d/nginx.yml.disabled b/metricbeat/modules.d/nginx.yml.disabled index 1dc91de0ab3c..70c7954faf76 100644 --- a/metricbeat/modules.d/nginx.yml.disabled +++ b/metricbeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-nginx.html - module: nginx #metricsets: diff --git a/metricbeat/modules.d/php_fpm.yml.disabled b/metricbeat/modules.d/php_fpm.yml.disabled index 5968d48d9432..575bb6956dd1 100644 --- a/metricbeat/modules.d/php_fpm.yml.disabled +++ b/metricbeat/modules.d/php_fpm.yml.disabled @@ -1,5 +1,5 @@ # Module: php_fpm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-php_fpm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-php_fpm.html - module: php_fpm #metricsets: diff --git a/metricbeat/modules.d/postgresql.yml.disabled b/metricbeat/modules.d/postgresql.yml.disabled index 910a686201c8..ded669c69096 100644 --- a/metricbeat/modules.d/postgresql.yml.disabled +++ b/metricbeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-postgresql.html - module: postgresql #metricsets: diff --git a/metricbeat/modules.d/prometheus.yml.disabled b/metricbeat/modules.d/prometheus.yml.disabled index 3a2d8b912d59..af0266188b39 100644 --- a/metricbeat/modules.d/prometheus.yml.disabled +++ b/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-prometheus.html # Metrics collected from a Prometheus endpoint - module: prometheus diff --git a/metricbeat/modules.d/rabbitmq.yml.disabled b/metricbeat/modules.d/rabbitmq.yml.disabled index 76c51259cde8..61a4b686c31f 100644 --- a/metricbeat/modules.d/rabbitmq.yml.disabled +++ b/metricbeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-rabbitmq.html - module: rabbitmq #metricsets: diff --git a/metricbeat/modules.d/redis.yml.disabled b/metricbeat/modules.d/redis.yml.disabled index 78f6a0f18a1a..7529d3e08891 100644 --- a/metricbeat/modules.d/redis.yml.disabled +++ b/metricbeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-redis.html - module: redis #metricsets: diff --git a/metricbeat/modules.d/system.yml b/metricbeat/modules.d/system.yml index be6d69547f48..339d66abc3a9 100644 --- a/metricbeat/modules.d/system.yml +++ b/metricbeat/modules.d/system.yml @@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-system.html - module: system period: 10s diff --git a/metricbeat/modules.d/traefik.yml.disabled b/metricbeat/modules.d/traefik.yml.disabled index 44dfdcd11e35..2f4beeda3a0e 100644 --- a/metricbeat/modules.d/traefik.yml.disabled +++ b/metricbeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-traefik.html - module: traefik metricsets: ["health"] diff --git a/metricbeat/modules.d/uwsgi.yml.disabled b/metricbeat/modules.d/uwsgi.yml.disabled index cca20b483932..f0831a804ac9 100644 --- a/metricbeat/modules.d/uwsgi.yml.disabled +++ b/metricbeat/modules.d/uwsgi.yml.disabled @@ -1,5 +1,5 @@ # Module: uwsgi -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-uwsgi.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-uwsgi.html - module: uwsgi #metricsets: diff --git a/metricbeat/modules.d/vsphere.yml.disabled b/metricbeat/modules.d/vsphere.yml.disabled index 131a98a78af6..e3ff07039a41 100644 --- a/metricbeat/modules.d/vsphere.yml.disabled +++ b/metricbeat/modules.d/vsphere.yml.disabled @@ -1,5 +1,5 @@ # Module: vsphere -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-vsphere.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-vsphere.html - module: vsphere #metricsets: diff --git a/metricbeat/modules.d/windows.yml.disabled b/metricbeat/modules.d/windows.yml.disabled index 64a278585582..18a8a13e970d 100644 --- a/metricbeat/modules.d/windows.yml.disabled +++ b/metricbeat/modules.d/windows.yml.disabled @@ -1,5 +1,5 @@ # Module: windows -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-windows.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-windows.html - module: windows metricsets: diff --git a/metricbeat/modules.d/zookeeper.yml.disabled b/metricbeat/modules.d/zookeeper.yml.disabled index 2505eabb4a99..4da1e25fc614 100644 --- a/metricbeat/modules.d/zookeeper.yml.disabled +++ b/metricbeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-zookeeper.html - module: zookeeper #metricsets: diff --git a/x-pack/filebeat/modules.d/activemq.yml.disabled b/x-pack/filebeat/modules.d/activemq.yml.disabled index ab6a624ee65c..43536ecbce00 100644 --- a/x-pack/filebeat/modules.d/activemq.yml.disabled +++ b/x-pack/filebeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-activemq.html - module: activemq # Audit logs diff --git a/x-pack/filebeat/modules.d/aws.yml.disabled b/x-pack/filebeat/modules.d/aws.yml.disabled index d27c96956569..248090f69fe1 100644 --- a/x-pack/filebeat/modules.d/aws.yml.disabled +++ b/x-pack/filebeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-aws.html - module: aws cloudtrail: diff --git a/x-pack/filebeat/modules.d/awsfargate.yml.disabled b/x-pack/filebeat/modules.d/awsfargate.yml.disabled index 0cf7c53f59ea..03701bea80ef 100644 --- a/x-pack/filebeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/filebeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-awsfargate.html - module: awsfargate log: diff --git a/x-pack/filebeat/modules.d/azure.yml.disabled b/x-pack/filebeat/modules.d/azure.yml.disabled index 7bb2e89b43d7..3b2bc1ecf106 100644 --- a/x-pack/filebeat/modules.d/azure.yml.disabled +++ b/x-pack/filebeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-azure.html - module: azure # All logs diff --git a/x-pack/filebeat/modules.d/barracuda.yml.disabled b/x-pack/filebeat/modules.d/barracuda.yml.disabled index 7dbb29f7ce1f..99ff85036c44 100644 --- a/x-pack/filebeat/modules.d/barracuda.yml.disabled +++ b/x-pack/filebeat/modules.d/barracuda.yml.disabled @@ -1,5 +1,5 @@ # Module: barracuda -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-barracuda.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-barracuda.html - module: barracuda waf: diff --git a/x-pack/filebeat/modules.d/bluecoat.yml.disabled b/x-pack/filebeat/modules.d/bluecoat.yml.disabled index ca8cc7784832..6550c8eedb6a 100644 --- a/x-pack/filebeat/modules.d/bluecoat.yml.disabled +++ b/x-pack/filebeat/modules.d/bluecoat.yml.disabled @@ -1,5 +1,5 @@ # Module: bluecoat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-bluecoat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-bluecoat.html - module: bluecoat director: diff --git a/x-pack/filebeat/modules.d/cef.yml.disabled b/x-pack/filebeat/modules.d/cef.yml.disabled index e69340da2985..2de22edccdff 100644 --- a/x-pack/filebeat/modules.d/cef.yml.disabled +++ b/x-pack/filebeat/modules.d/cef.yml.disabled @@ -1,5 +1,5 @@ # Module: cef -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cef.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cef.html - module: cef log: diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled index c28dd3a04867..9d34b8d72aa3 100644 --- a/x-pack/filebeat/modules.d/checkpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/checkpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: checkpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-checkpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-checkpoint.html - module: checkpoint firewall: diff --git a/x-pack/filebeat/modules.d/cisco.yml.disabled b/x-pack/filebeat/modules.d/cisco.yml.disabled index 1892dc47ca89..9e465804552f 100644 --- a/x-pack/filebeat/modules.d/cisco.yml.disabled +++ b/x-pack/filebeat/modules.d/cisco.yml.disabled @@ -1,5 +1,5 @@ # Module: cisco -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cisco.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cisco.html - module: cisco asa: diff --git a/x-pack/filebeat/modules.d/coredns.yml.disabled b/x-pack/filebeat/modules.d/coredns.yml.disabled index ba3748c82ae2..46e9e55c1471 100644 --- a/x-pack/filebeat/modules.d/coredns.yml.disabled +++ b/x-pack/filebeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-coredns.html - module: coredns # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled index e0ea8540c9e5..8d2c8531d077 100644 --- a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled +++ b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled @@ -1,5 +1,5 @@ # Module: crowdstrike -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-crowdstrike.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-crowdstrike.html - module: crowdstrike diff --git a/x-pack/filebeat/modules.d/cyberark.yml.disabled b/x-pack/filebeat/modules.d/cyberark.yml.disabled index 6311ff86f39b..e97955adfb84 100644 --- a/x-pack/filebeat/modules.d/cyberark.yml.disabled +++ b/x-pack/filebeat/modules.d/cyberark.yml.disabled @@ -1,5 +1,5 @@ # Module: cyberark -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cyberark.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cyberark.html - module: cyberark corepas: diff --git a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled index 725bfada51d7..3e78f4a0f351 100644 --- a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled +++ b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled @@ -1,5 +1,5 @@ # Module: cyberarkpas -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cyberarkpas.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cyberarkpas.html - module: cyberarkpas audit: diff --git a/x-pack/filebeat/modules.d/cylance.yml.disabled b/x-pack/filebeat/modules.d/cylance.yml.disabled index a6e4a0464a90..342d654d2e13 100644 --- a/x-pack/filebeat/modules.d/cylance.yml.disabled +++ b/x-pack/filebeat/modules.d/cylance.yml.disabled @@ -1,5 +1,5 @@ # Module: cylance -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-cylance.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-cylance.html - module: cylance protect: diff --git a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled index 62d5a666796a..543b17be5339 100644 --- a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled +++ b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-envoyproxy.html - module: envoyproxy # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/f5.yml.disabled b/x-pack/filebeat/modules.d/f5.yml.disabled index b9801b0ce5c6..959842174cff 100644 --- a/x-pack/filebeat/modules.d/f5.yml.disabled +++ b/x-pack/filebeat/modules.d/f5.yml.disabled @@ -1,5 +1,5 @@ # Module: f5 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-f5.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-f5.html - module: f5 bigipapm: diff --git a/x-pack/filebeat/modules.d/fortinet.yml.disabled b/x-pack/filebeat/modules.d/fortinet.yml.disabled index 76f8d3b5a199..281b7d788efa 100644 --- a/x-pack/filebeat/modules.d/fortinet.yml.disabled +++ b/x-pack/filebeat/modules.d/fortinet.yml.disabled @@ -1,5 +1,5 @@ # Module: fortinet -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-fortinet.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-fortinet.html - module: fortinet firewall: diff --git a/x-pack/filebeat/modules.d/gcp.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled index f7323b4c9c6e..a09d0fe369cb 100644 --- a/x-pack/filebeat/modules.d/gcp.yml.disabled +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-gcp.html - module: gcp vpcflow: diff --git a/x-pack/filebeat/modules.d/google_workspace.yml.disabled b/x-pack/filebeat/modules.d/google_workspace.yml.disabled index 0eb7d7adf149..6d364af9811a 100644 --- a/x-pack/filebeat/modules.d/google_workspace.yml.disabled +++ b/x-pack/filebeat/modules.d/google_workspace.yml.disabled @@ -1,5 +1,5 @@ # Module: google_workspace -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-google_workspace.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-google_workspace.html - module: google_workspace saml: diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/googlecloud.yml.disabled index d549eaee9b4f..9a28dc036ee9 100644 --- a/x-pack/filebeat/modules.d/googlecloud.yml.disabled +++ b/x-pack/filebeat/modules.d/googlecloud.yml.disabled @@ -1,5 +1,5 @@ # Module: googlecloud -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-googlecloud.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-googlecloud.html # googlecloud module is deprecated, please use gcp instead - module: gcp diff --git a/x-pack/filebeat/modules.d/gsuite.yml.disabled b/x-pack/filebeat/modules.d/gsuite.yml.disabled index d8ab05a2f2ab..6aec3b65ddaa 100644 --- a/x-pack/filebeat/modules.d/gsuite.yml.disabled +++ b/x-pack/filebeat/modules.d/gsuite.yml.disabled @@ -1,5 +1,5 @@ # Module: gsuite -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-gsuite.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-gsuite.html # Gsuite module is deprecated and will be removed in future releases. Please use Google Workspace module instead. - module: gsuite diff --git a/x-pack/filebeat/modules.d/ibmmq.yml.disabled b/x-pack/filebeat/modules.d/ibmmq.yml.disabled index 81756450ccf7..bfaf3792db9c 100644 --- a/x-pack/filebeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/filebeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-ibmmq.html - module: ibmmq # All logs diff --git a/x-pack/filebeat/modules.d/imperva.yml.disabled b/x-pack/filebeat/modules.d/imperva.yml.disabled index 84fb7e2d5c9c..8e53deaa60a3 100644 --- a/x-pack/filebeat/modules.d/imperva.yml.disabled +++ b/x-pack/filebeat/modules.d/imperva.yml.disabled @@ -1,5 +1,5 @@ # Module: imperva -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-imperva.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-imperva.html - module: imperva securesphere: diff --git a/x-pack/filebeat/modules.d/infoblox.yml.disabled b/x-pack/filebeat/modules.d/infoblox.yml.disabled index b69aa819468e..9e82f83401e8 100644 --- a/x-pack/filebeat/modules.d/infoblox.yml.disabled +++ b/x-pack/filebeat/modules.d/infoblox.yml.disabled @@ -1,5 +1,5 @@ # Module: infoblox -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-infoblox.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-infoblox.html - module: infoblox nios: diff --git a/x-pack/filebeat/modules.d/iptables.yml.disabled b/x-pack/filebeat/modules.d/iptables.yml.disabled index 52ae31d7fe07..1147e14dded1 100644 --- a/x-pack/filebeat/modules.d/iptables.yml.disabled +++ b/x-pack/filebeat/modules.d/iptables.yml.disabled @@ -1,5 +1,5 @@ # Module: iptables -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-iptables.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-iptables.html - module: iptables log: diff --git a/x-pack/filebeat/modules.d/juniper.yml.disabled b/x-pack/filebeat/modules.d/juniper.yml.disabled index 999b36e4e1d4..71112679db02 100644 --- a/x-pack/filebeat/modules.d/juniper.yml.disabled +++ b/x-pack/filebeat/modules.d/juniper.yml.disabled @@ -1,5 +1,5 @@ # Module: juniper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-juniper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-juniper.html - module: juniper junos: diff --git a/x-pack/filebeat/modules.d/microsoft.yml.disabled b/x-pack/filebeat/modules.d/microsoft.yml.disabled index 28e65d7de7d8..f73c209386d2 100644 --- a/x-pack/filebeat/modules.d/microsoft.yml.disabled +++ b/x-pack/filebeat/modules.d/microsoft.yml.disabled @@ -1,5 +1,5 @@ # Module: microsoft -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-microsoft.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-microsoft.html - module: microsoft # ATP configuration diff --git a/x-pack/filebeat/modules.d/misp.yml.disabled b/x-pack/filebeat/modules.d/misp.yml.disabled index 2980390d6571..9a489fa0f3dd 100644 --- a/x-pack/filebeat/modules.d/misp.yml.disabled +++ b/x-pack/filebeat/modules.d/misp.yml.disabled @@ -1,5 +1,5 @@ # Module: misp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-misp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-misp.html - module: misp threat: diff --git a/x-pack/filebeat/modules.d/mssql.yml.disabled b/x-pack/filebeat/modules.d/mssql.yml.disabled index 1c7507ca5983..bfe4c6e64993 100644 --- a/x-pack/filebeat/modules.d/mssql.yml.disabled +++ b/x-pack/filebeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mssql.html - module: mssql # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled index 69da526281e6..37e10d0eb734 100644 --- a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled +++ b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: mysqlenterprise -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-mysqlenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-mysqlenterprise.html - module: mysqlenterprise audit: diff --git a/x-pack/filebeat/modules.d/netflow.yml.disabled b/x-pack/filebeat/modules.d/netflow.yml.disabled index 64469e67ca85..781748b00e05 100644 --- a/x-pack/filebeat/modules.d/netflow.yml.disabled +++ b/x-pack/filebeat/modules.d/netflow.yml.disabled @@ -1,5 +1,5 @@ # Module: netflow -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-netflow.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-netflow.html - module: netflow log: diff --git a/x-pack/filebeat/modules.d/netscout.yml.disabled b/x-pack/filebeat/modules.d/netscout.yml.disabled index f4a14ba30e5f..2153490464a8 100644 --- a/x-pack/filebeat/modules.d/netscout.yml.disabled +++ b/x-pack/filebeat/modules.d/netscout.yml.disabled @@ -1,5 +1,5 @@ # Module: netscout -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-netscout.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-netscout.html - module: netscout sightline: diff --git a/x-pack/filebeat/modules.d/o365.yml.disabled b/x-pack/filebeat/modules.d/o365.yml.disabled index f15fa09040ed..578ff365df70 100644 --- a/x-pack/filebeat/modules.d/o365.yml.disabled +++ b/x-pack/filebeat/modules.d/o365.yml.disabled @@ -1,5 +1,5 @@ # Module: o365 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-o365.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-o365.html - module: o365 audit: diff --git a/x-pack/filebeat/modules.d/okta.yml.disabled b/x-pack/filebeat/modules.d/okta.yml.disabled index 0038d04aa881..4fc94359267e 100644 --- a/x-pack/filebeat/modules.d/okta.yml.disabled +++ b/x-pack/filebeat/modules.d/okta.yml.disabled @@ -1,5 +1,5 @@ # Module: okta -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-okta.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-okta.html - module: okta system: diff --git a/x-pack/filebeat/modules.d/oracle.yml.disabled b/x-pack/filebeat/modules.d/oracle.yml.disabled index b7cdd6ea7abe..3bd576ee1bbd 100644 --- a/x-pack/filebeat/modules.d/oracle.yml.disabled +++ b/x-pack/filebeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-oracle.html - module: oracle database_audit: diff --git a/x-pack/filebeat/modules.d/panw.yml.disabled b/x-pack/filebeat/modules.d/panw.yml.disabled index 46d4bdc4a934..eb094a25a619 100644 --- a/x-pack/filebeat/modules.d/panw.yml.disabled +++ b/x-pack/filebeat/modules.d/panw.yml.disabled @@ -1,5 +1,5 @@ # Module: panw -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-panw.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-panw.html - module: panw panos: diff --git a/x-pack/filebeat/modules.d/proofpoint.yml.disabled b/x-pack/filebeat/modules.d/proofpoint.yml.disabled index cb5952fb8caa..9aeebd5fe29d 100644 --- a/x-pack/filebeat/modules.d/proofpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/proofpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: proofpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-proofpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-proofpoint.html - module: proofpoint emailsecurity: diff --git a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled index b5071e1a6bd5..e61a0a0c91af 100644 --- a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled +++ b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-rabbitmq.html - module: rabbitmq # All logs diff --git a/x-pack/filebeat/modules.d/radware.yml.disabled b/x-pack/filebeat/modules.d/radware.yml.disabled index d6a831a48cbb..f9ab3e519df3 100644 --- a/x-pack/filebeat/modules.d/radware.yml.disabled +++ b/x-pack/filebeat/modules.d/radware.yml.disabled @@ -1,5 +1,5 @@ # Module: radware -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-radware.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-radware.html - module: radware defensepro: diff --git a/x-pack/filebeat/modules.d/snort.yml.disabled b/x-pack/filebeat/modules.d/snort.yml.disabled index 6cffa6d4e108..8c9bcc471429 100644 --- a/x-pack/filebeat/modules.d/snort.yml.disabled +++ b/x-pack/filebeat/modules.d/snort.yml.disabled @@ -1,5 +1,5 @@ # Module: snort -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-snort.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-snort.html - module: snort log: diff --git a/x-pack/filebeat/modules.d/snyk.yml.disabled b/x-pack/filebeat/modules.d/snyk.yml.disabled index 709cf3456c3c..0b13f815517c 100644 --- a/x-pack/filebeat/modules.d/snyk.yml.disabled +++ b/x-pack/filebeat/modules.d/snyk.yml.disabled @@ -1,5 +1,5 @@ # Module: snyk -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-snyk.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-snyk.html - module: snyk audit: diff --git a/x-pack/filebeat/modules.d/sonicwall.yml.disabled b/x-pack/filebeat/modules.d/sonicwall.yml.disabled index 45fd076565c1..de457109d0bb 100644 --- a/x-pack/filebeat/modules.d/sonicwall.yml.disabled +++ b/x-pack/filebeat/modules.d/sonicwall.yml.disabled @@ -1,5 +1,5 @@ # Module: sonicwall -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-sonicwall.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-sonicwall.html - module: sonicwall firewall: diff --git a/x-pack/filebeat/modules.d/sophos.yml.disabled b/x-pack/filebeat/modules.d/sophos.yml.disabled index 90b1c8f37a20..8fc346540c0b 100644 --- a/x-pack/filebeat/modules.d/sophos.yml.disabled +++ b/x-pack/filebeat/modules.d/sophos.yml.disabled @@ -1,5 +1,5 @@ # Module: sophos -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-sophos.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-sophos.html - module: sophos xg: diff --git a/x-pack/filebeat/modules.d/squid.yml.disabled b/x-pack/filebeat/modules.d/squid.yml.disabled index 16f238a3f7de..a47807253ad0 100644 --- a/x-pack/filebeat/modules.d/squid.yml.disabled +++ b/x-pack/filebeat/modules.d/squid.yml.disabled @@ -1,5 +1,5 @@ # Module: squid -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-squid.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-squid.html - module: squid log: diff --git a/x-pack/filebeat/modules.d/suricata.yml.disabled b/x-pack/filebeat/modules.d/suricata.yml.disabled index f156730e2bad..1edd3f832917 100644 --- a/x-pack/filebeat/modules.d/suricata.yml.disabled +++ b/x-pack/filebeat/modules.d/suricata.yml.disabled @@ -1,5 +1,5 @@ # Module: suricata -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-suricata.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-suricata.html - module: suricata # All logs diff --git a/x-pack/filebeat/modules.d/threatintel.yml.disabled b/x-pack/filebeat/modules.d/threatintel.yml.disabled index f4b80966eeba..e64e05a81f73 100644 --- a/x-pack/filebeat/modules.d/threatintel.yml.disabled +++ b/x-pack/filebeat/modules.d/threatintel.yml.disabled @@ -1,5 +1,5 @@ # Module: threatintel -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-threatintel.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-threatintel.html - module: threatintel abuseurl: diff --git a/x-pack/filebeat/modules.d/tomcat.yml.disabled b/x-pack/filebeat/modules.d/tomcat.yml.disabled index bc2c05566317..84f4619d5b56 100644 --- a/x-pack/filebeat/modules.d/tomcat.yml.disabled +++ b/x-pack/filebeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-tomcat.html - module: tomcat log: diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 8b0eb4647a84..8595f0d21692 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -1,5 +1,5 @@ # Module: zeek -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-zeek.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-zeek.html - module: zeek capture_loss: diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled index b9b495aa9942..15fa9d4b23cf 100644 --- a/x-pack/filebeat/modules.d/zoom.yml.disabled +++ b/x-pack/filebeat/modules.d/zoom.yml.disabled @@ -1,5 +1,5 @@ # Module: zoom -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-zoom.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-zoom.html - module: zoom webhook: diff --git a/x-pack/filebeat/modules.d/zscaler.yml.disabled b/x-pack/filebeat/modules.d/zscaler.yml.disabled index af5a6d0ebddf..accdec9ead94 100644 --- a/x-pack/filebeat/modules.d/zscaler.yml.disabled +++ b/x-pack/filebeat/modules.d/zscaler.yml.disabled @@ -1,5 +1,5 @@ # Module: zscaler -# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.13/filebeat-module-zscaler.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.x/filebeat-module-zscaler.html - module: zscaler zia: diff --git a/x-pack/metricbeat/modules.d/activemq.yml.disabled b/x-pack/metricbeat/modules.d/activemq.yml.disabled index 90cbed5a82da..16756a9c40c7 100644 --- a/x-pack/metricbeat/modules.d/activemq.yml.disabled +++ b/x-pack/metricbeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-activemq.html - module: activemq metricsets: ['broker', 'queue', 'topic'] diff --git a/x-pack/metricbeat/modules.d/appsearch.yml.disabled b/x-pack/metricbeat/modules.d/appsearch.yml.disabled index 4caccf4f49d6..829a37153585 100644 --- a/x-pack/metricbeat/modules.d/appsearch.yml.disabled +++ b/x-pack/metricbeat/modules.d/appsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: appsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-appsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-appsearch.html - module: appsearch metricsets: ["stats"] diff --git a/x-pack/metricbeat/modules.d/aws.yml.disabled b/x-pack/metricbeat/modules.d/aws.yml.disabled index 3a6f181993fc..ffcf68887ec3 100644 --- a/x-pack/metricbeat/modules.d/aws.yml.disabled +++ b/x-pack/metricbeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-aws.html - module: aws period: 1m diff --git a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled index a596c81263aa..ba9aba8f9cfa 100644 --- a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-awsfargate.html - module: awsfargate period: 10s diff --git a/x-pack/metricbeat/modules.d/azure.yml.disabled b/x-pack/metricbeat/modules.d/azure.yml.disabled index fd55c2899c99..7020c46eb2dc 100644 --- a/x-pack/metricbeat/modules.d/azure.yml.disabled +++ b/x-pack/metricbeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-azure.html - module: azure metricsets: diff --git a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled index a0e89ecc990c..c3e1d25ac338 100644 --- a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled +++ b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled @@ -1,5 +1,5 @@ # Module: cloudfoundry -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-cloudfoundry.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-cloudfoundry.html - module: cloudfoundry metricsets: diff --git a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled index 36e6633d005e..5c55bd9c3eb7 100644 --- a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled +++ b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled @@ -1,5 +1,5 @@ # Module: cockroachdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-cockroachdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-cockroachdb.html - module: cockroachdb metricsets: ['status'] diff --git a/x-pack/metricbeat/modules.d/coredns.yml.disabled b/x-pack/metricbeat/modules.d/coredns.yml.disabled index b6231a03eb84..098aa97d321c 100644 --- a/x-pack/metricbeat/modules.d/coredns.yml.disabled +++ b/x-pack/metricbeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-coredns.html - module: coredns metricsets: ["stats"] diff --git a/x-pack/metricbeat/modules.d/gcp.yml.disabled b/x-pack/metricbeat/modules.d/gcp.yml.disabled index 50ad7d381b1d..5ded23530d8c 100644 --- a/x-pack/metricbeat/modules.d/gcp.yml.disabled +++ b/x-pack/metricbeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-gcp.html - module: gcp metricsets: diff --git a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled index edcbb811c79c..f26e218d0bfd 100644 --- a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-ibmmq.html - module: ibmmq metricsets: ['qmgr'] diff --git a/x-pack/metricbeat/modules.d/iis.yml.disabled b/x-pack/metricbeat/modules.d/iis.yml.disabled index f638e5d7f768..476c6a43b2d9 100644 --- a/x-pack/metricbeat/modules.d/iis.yml.disabled +++ b/x-pack/metricbeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-iis.html - module: iis metricsets: diff --git a/x-pack/metricbeat/modules.d/istio.yml.disabled b/x-pack/metricbeat/modules.d/istio.yml.disabled index 4b2aa044c28b..1487503a204f 100644 --- a/x-pack/metricbeat/modules.d/istio.yml.disabled +++ b/x-pack/metricbeat/modules.d/istio.yml.disabled @@ -1,5 +1,5 @@ # Module: istio -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-istio.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-istio.html # Istio mesh. To collect all Mixer-generated metrics - module: istio diff --git a/x-pack/metricbeat/modules.d/mssql.yml.disabled b/x-pack/metricbeat/modules.d/mssql.yml.disabled index a112c7bbc48b..e6cd92d22d51 100644 --- a/x-pack/metricbeat/modules.d/mssql.yml.disabled +++ b/x-pack/metricbeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-mssql.html - module: mssql metricsets: diff --git a/x-pack/metricbeat/modules.d/openmetrics.yml.disabled b/x-pack/metricbeat/modules.d/openmetrics.yml.disabled index a0b0a507df8c..253123160014 100644 --- a/x-pack/metricbeat/modules.d/openmetrics.yml.disabled +++ b/x-pack/metricbeat/modules.d/openmetrics.yml.disabled @@ -1,5 +1,5 @@ # Module: openmetrics -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-openmetrics.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-openmetrics.html - module: openmetrics metricsets: ['collector'] diff --git a/x-pack/metricbeat/modules.d/oracle.yml.disabled b/x-pack/metricbeat/modules.d/oracle.yml.disabled index 3216b2a28bac..46207ba0ae43 100644 --- a/x-pack/metricbeat/modules.d/oracle.yml.disabled +++ b/x-pack/metricbeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-oracle.html - module: oracle metricsets: ["tablespace", "performance"] diff --git a/x-pack/metricbeat/modules.d/prometheus.yml.disabled b/x-pack/metricbeat/modules.d/prometheus.yml.disabled index f1e4389de213..fbd6905d44a2 100644 --- a/x-pack/metricbeat/modules.d/prometheus.yml.disabled +++ b/x-pack/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-prometheus.html - module: prometheus period: 10s diff --git a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled index d1562b6ac26f..81849192c981 100644 --- a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled +++ b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: redisenterprise -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-redisenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-redisenterprise.html - module: redisenterprise metricsets: diff --git a/x-pack/metricbeat/modules.d/sql.yml.disabled b/x-pack/metricbeat/modules.d/sql.yml.disabled index cd368fc16465..0c2597f31c63 100644 --- a/x-pack/metricbeat/modules.d/sql.yml.disabled +++ b/x-pack/metricbeat/modules.d/sql.yml.disabled @@ -1,5 +1,5 @@ # Module: sql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-sql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-sql.html - module: sql metricsets: diff --git a/x-pack/metricbeat/modules.d/stan.yml.disabled b/x-pack/metricbeat/modules.d/stan.yml.disabled index 2e52baae9c29..572b418a155f 100644 --- a/x-pack/metricbeat/modules.d/stan.yml.disabled +++ b/x-pack/metricbeat/modules.d/stan.yml.disabled @@ -1,5 +1,5 @@ # Module: stan -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-stan.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-stan.html - module: stan metricsets: ["stats", "subscriptions", "channels"] diff --git a/x-pack/metricbeat/modules.d/statsd.yml.disabled b/x-pack/metricbeat/modules.d/statsd.yml.disabled index 39d1a76b7850..6cf8c68ab2d0 100644 --- a/x-pack/metricbeat/modules.d/statsd.yml.disabled +++ b/x-pack/metricbeat/modules.d/statsd.yml.disabled @@ -1,5 +1,5 @@ # Module: statsd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-statsd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-statsd.html - module: statsd host: "localhost" diff --git a/x-pack/metricbeat/modules.d/tomcat.yml.disabled b/x-pack/metricbeat/modules.d/tomcat.yml.disabled index 7bb0edbbc5e2..233eaa747959 100644 --- a/x-pack/metricbeat/modules.d/tomcat.yml.disabled +++ b/x-pack/metricbeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.13/metricbeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.x/metricbeat-module-tomcat.html - module: tomcat metricsets: ['threading', 'cache', 'memory', 'requests'] From b095777448a49b0edbedc397a416d509329f0765 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 21 Apr 2021 13:44:53 +0200 Subject: [PATCH 4/4] Change event.code and winlog.event_id type (#25176) (cherry picked from commit ee5ed90dec9e1c8091f7cddf88ba50198668714b) --- CHANGELOG.next.asciidoc | 1 + README.md | 2 +- deploy/kubernetes/auditbeat-kubernetes.yaml | 2 +- .../elastic-agent-standalone-kubernetes.yaml | 2 +- deploy/kubernetes/filebeat-kubernetes.yaml | 2 +- deploy/kubernetes/heartbeat-kubernetes.yaml | 2 +- deploy/kubernetes/metricbeat-kubernetes.yaml | 2 +- libbeat/docs/version.asciidoc | 2 +- .../decode_xml_wineventlog/processor.go | 3 +- .../decode_xml_wineventlog/processor_test.go | 6 +- testing/environments/snapshot-oss.yml | 6 +- winlogbeat/eventlog/eventlog.go | 3 +- winlogbeat/sys/winevent/event.go | 2 +- winlogbeat/tests/system/test_wineventlog.py | 17 +- winlogbeat/tests/system/winlogbeat.py | 2 +- .../test/testdata/400.evtx.golden.json | 16 +- .../test/testdata/403.evtx.golden.json | 16 +- .../test/testdata/4103.evtx.golden.json | 8 +- .../test/testdata/4104.evtx.golden.json | 8 +- .../test/testdata/4105.evtx.golden.json | 4 +- .../test/testdata/4106.evtx.golden.json | 4 +- .../test/testdata/600.evtx.golden.json | 12 +- .../test/testdata/800.evtx.golden.json | 16 +- .../test/testdata/1100.evtx.golden.json | 4 +- .../test/testdata/1102.evtx.golden.json | 4 +- .../test/testdata/1104.evtx.golden.json | 4 +- .../test/testdata/1105.evtx.golden.json | 4 +- .../4670_WindowsSrv2016.evtx.golden.json | 4 +- .../4706_WindowsSrv2016.evtx.golden.json | 4 +- .../4707_WindowsSrv2016.evtx.golden.json | 4 +- .../4713_WindowsSrv2016.evtx.golden.json | 4 +- .../4716_WindowsSrv2016.evtx.golden.json | 4 +- .../4717_WindowsSrv2016.evtx.golden.json | 4 +- .../4718_WindowsSrv2016.evtx.golden.json | 4 +- .../test/testdata/4719.evtx.golden.json | 4 +- .../4719_WindowsSrv2016.evtx.golden.json | 4 +- .../4739_WindowsSrv2016.evtx.golden.json | 4 +- .../test/testdata/4741.evtx.golden.json | 4 +- .../test/testdata/4742.evtx.golden.json | 4 +- .../test/testdata/4743.evtx.golden.json | 4 +- .../test/testdata/4744.evtx.golden.json | 4 +- .../test/testdata/4745.evtx.golden.json | 4 +- .../test/testdata/4746.evtx.golden.json | 4 +- .../test/testdata/4747.evtx.golden.json | 4 +- .../test/testdata/4748.evtx.golden.json | 4 +- .../test/testdata/4749.evtx.golden.json | 4 +- .../test/testdata/4750.evtx.golden.json | 4 +- .../test/testdata/4751.evtx.golden.json | 4 +- .../test/testdata/4752.evtx.golden.json | 4 +- .../test/testdata/4753.evtx.golden.json | 4 +- .../test/testdata/4759.evtx.golden.json | 4 +- .../test/testdata/4760.evtx.golden.json | 4 +- .../test/testdata/4761.evtx.golden.json | 4 +- .../test/testdata/4762.evtx.golden.json | 4 +- .../test/testdata/4763.evtx.golden.json | 4 +- .../4817_WindowsSrv2016.evtx.golden.json | 4 +- .../4902_WindowsSrv2016.evtx.golden.json | 4 +- .../4904_WindowsSrv2016.evtx.golden.json | 4 +- .../4905_WindowsSrv2016.evtx.golden.json | 4 +- .../4906_WindowsSrv2016.evtx.golden.json | 4 +- .../4907_WindowsSrv2016.evtx.golden.json | 4 +- .../4908_WindowsSrv2016.evtx.golden.json | 4 +- ...security-windows2012_4673.evtx.golden.json | 4 +- ...security-windows2012_4674.evtx.golden.json | 4 +- ...security-windows2012_4697.evtx.golden.json | 4 +- ...security-windows2012_4698.evtx.golden.json | 4 +- ...security-windows2012_4699.evtx.golden.json | 4 +- ...security-windows2012_4700.evtx.golden.json | 4 +- ...security-windows2012_4701.evtx.golden.json | 4 +- ...security-windows2012_4702.evtx.golden.json | 4 +- ...security-windows2012_4768.evtx.golden.json | 4 +- ...security-windows2012_4769.evtx.golden.json | 4 +- ...security-windows2012_4770.evtx.golden.json | 4 +- ...security-windows2012_4771.evtx.golden.json | 4 +- ...security-windows2012_4776.evtx.golden.json | 4 +- ...security-windows2012_4778.evtx.golden.json | 4 +- ...security-windows2012_4779.evtx.golden.json | 4 +- ...urity-windows2012r2-logon.evtx.golden.json | 72 +- ...security-windows2016-4672.evtx.golden.json | 4 +- ...curity-windows2016-logoff.evtx.golden.json | 8 +- ...2016_4720_Account_Created.evtx.golden.json | 8 +- ...2016_4722_Account_Enabled.evtx.golden.json | 8 +- ...2016_4723_Password_Change.evtx.golden.json | 8 +- ...s2016_4724_Password_Reset.evtx.golden.json | 8 +- ...016_4725_Account_Disabled.evtx.golden.json | 8 +- ...2016_4726_Account_Deleted.evtx.golden.json | 8 +- ...security-windows2016_4727.evtx.golden.json | 4 +- ...security-windows2016_4728.evtx.golden.json | 4 +- ...security-windows2016_4729.evtx.golden.json | 4 +- ...security-windows2016_4730.evtx.golden.json | 4 +- ...security-windows2016_4731.evtx.golden.json | 4 +- ...security-windows2016_4732.evtx.golden.json | 4 +- ...security-windows2016_4733.evtx.golden.json | 4 +- ...security-windows2016_4734.evtx.golden.json | 4 +- ...security-windows2016_4735.evtx.golden.json | 4 +- ...security-windows2016_4737.evtx.golden.json | 4 +- ...2016_4738_Account_Changed.evtx.golden.json | 8 +- ...6_4740_Account_Locked_Out.evtx.golden.json | 4 +- ...security-windows2016_4754.evtx.golden.json | 4 +- ...security-windows2016_4755.evtx.golden.json | 4 +- ...security-windows2016_4756.evtx.golden.json | 4 +- ...security-windows2016_4757.evtx.golden.json | 4 +- ...security-windows2016_4758.evtx.golden.json | 4 +- ...security-windows2016_4764.evtx.golden.json | 4 +- ...016_4767_Account_Unlocked.evtx.golden.json | 4 +- ...2016_4781_Account_Renamed.evtx.golden.json | 8 +- ...security-windows2016_4798.evtx.golden.json | 4 +- ...security-windows2016_4799.evtx.golden.json | 4 +- ...security-windows2016_4964.evtx.golden.json | 8 +- ...2019_4688_Process_Created.evtx.golden.json | 4 +- ...s2019_4689_Process_Exited.evtx.golden.json | 12 +- .../testdata/sysmon-10.2-dns.evtx.golden.json | 624 +++++++++--------- .../sysmon-11-filedelete.evtx.golden.json | 12 +- .../sysmon-11-registry.evtx.golden.json | 20 +- .../sysmon-12-loadimage.evtx.golden.json | 4 +- .../sysmon-12-processcreate.evtx.golden.json | 4 +- ...sysmon-13-clipboardchange.evtx.golden.json | 4 +- ...ysmon-13-processtampering.evtx.golden.json | 4 +- .../testdata/sysmon-9.01.evtx.golden.json | 128 ++-- 119 files changed, 704 insertions(+), 702 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 31a62548057c..1c23ca4be012 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -364,6 +364,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Winlogbeat* +- Change `event.code` and `winlog.event_id` from int to keyword. {pull}25176[25176] *Functionbeat* diff --git a/README.md b/README.md index 8050346f7911..e76f80a695e5 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -[![Build Status](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.13/badge/icon)](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.13/) +[![Build Status](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.x/badge/icon)](https://beats-ci.elastic.co/job/Beats/job/beats/job/7.x/) [![GoReportCard](http://goreportcard.com/badge/elastic/beats)](http://goreportcard.com/report/elastic/beats) [![codecov.io](https://codecov.io/github/elastic/beats/coverage.svg?branch=master)](https://codecov.io/github/elastic/beats?branch=master) diff --git a/deploy/kubernetes/auditbeat-kubernetes.yaml b/deploy/kubernetes/auditbeat-kubernetes.yaml index 77b7303e53fc..5498ed21a831 100644 --- a/deploy/kubernetes/auditbeat-kubernetes.yaml +++ b/deploy/kubernetes/auditbeat-kubernetes.yaml @@ -109,7 +109,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: auditbeat - image: docker.elastic.co/beats/auditbeat:7.13.0 + image: docker.elastic.co/beats/auditbeat:7.11.0 args: [ "-c", "/etc/auditbeat.yml", "-e", diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml index 71b0b0e5fe78..78a9552a78e4 100644 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yaml @@ -458,7 +458,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: elastic-agent - image: docker.elastic.co/beats/elastic-agent:7.13.0 + image: docker.elastic.co/beats/elastic-agent:7.11.0 args: [ "-c", "/etc/agent.yml", "-e", diff --git a/deploy/kubernetes/filebeat-kubernetes.yaml b/deploy/kubernetes/filebeat-kubernetes.yaml index 715cf7c368ee..a252863fb2a9 100644 --- a/deploy/kubernetes/filebeat-kubernetes.yaml +++ b/deploy/kubernetes/filebeat-kubernetes.yaml @@ -64,7 +64,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: filebeat - image: docker.elastic.co/beats/filebeat:7.13.0 + image: docker.elastic.co/beats/filebeat:7.11.0 args: [ "-c", "/etc/filebeat.yml", "-e", diff --git a/deploy/kubernetes/heartbeat-kubernetes.yaml b/deploy/kubernetes/heartbeat-kubernetes.yaml index 146e1f6c816e..b516725b2465 100644 --- a/deploy/kubernetes/heartbeat-kubernetes.yaml +++ b/deploy/kubernetes/heartbeat-kubernetes.yaml @@ -74,7 +74,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: heartbeat - image: docker.elastic.co/beats/heartbeat:7.13.0 + image: docker.elastic.co/beats/heartbeat:7.11.0 args: [ "-c", "/etc/heartbeat.yml", "-e", diff --git a/deploy/kubernetes/metricbeat-kubernetes.yaml b/deploy/kubernetes/metricbeat-kubernetes.yaml index dd31be414251..8315cb0d7392 100644 --- a/deploy/kubernetes/metricbeat-kubernetes.yaml +++ b/deploy/kubernetes/metricbeat-kubernetes.yaml @@ -147,7 +147,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: metricbeat - image: docker.elastic.co/beats/metricbeat:7.13.0 + image: docker.elastic.co/beats/metricbeat:7.11.0 args: [ "-c", "/etc/metricbeat.yml", "-e", diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index e126a7ca0c74..738d7d5c1453 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,4 +1,4 @@ -:stack-version: 7.13.0 +:stack-version: 7.11.0 :doc-branch: 7.x :go-version: 1.15.10 :release-state: unreleased diff --git a/libbeat/processors/decode_xml_wineventlog/processor.go b/libbeat/processors/decode_xml_wineventlog/processor.go index b5487764a2b3..a64c678dfe82 100644 --- a/libbeat/processors/decode_xml_wineventlog/processor.go +++ b/libbeat/processors/decode_xml_wineventlog/processor.go @@ -139,8 +139,9 @@ func fields(evt winevent.Event) (common.MapStr, common.MapStr) { ecs := common.MapStr{} + eventCode, _ := win.GetValue("event_id") + ecs.Put("event.code", eventCode) ecs.Put("event.kind", "event") - ecs.Put("event.code", evt.EventIdentifier.ID) ecs.Put("event.provider", evt.Provider.Name) winevent.AddOptional(ecs, "event.action", evt.Task) winevent.AddOptional(ecs, "host.name", evt.Computer) diff --git a/libbeat/processors/decode_xml_wineventlog/processor_test.go b/libbeat/processors/decode_xml_wineventlog/processor_test.go index 4e31a0138613..1aef817968f1 100644 --- a/libbeat/processors/decode_xml_wineventlog/processor_test.go +++ b/libbeat/processors/decode_xml_wineventlog/processor_test.go @@ -55,7 +55,7 @@ func TestProcessor(t *testing.T) { Output: common.MapStr{ "event": common.MapStr{ "action": "Special Logon", - "code": uint32(4672), + "code": "4672", "kind": "event", "outcome": "success", "provider": "Microsoft-Windows-Security-Auditing", @@ -71,7 +71,7 @@ func TestProcessor(t *testing.T) { "outcome": "success", "activity_id": "{ffb23523-1f32-0000-c335-b2ff321fd701}", "level": "information", - "event_id": uint32(4672), + "event_id": "4672", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": uint64(11303), "computer_name": "vagrant", @@ -129,7 +129,7 @@ func TestProcessor(t *testing.T) { "outcome": "success", "activity_id": "{ffb23523-1f32-0000-c335-b2ff321fd701}", "level": "information", - "event_id": uint32(4672), + "event_id": "4672", "provider_name": "Microsoft-Windows-Security-Auditing", "record_id": uint64(11303), "computer_name": "vagrant", diff --git a/testing/environments/snapshot-oss.yml b/testing/environments/snapshot-oss.yml index 19758bf474c2..6691044e03fd 100644 --- a/testing/environments/snapshot-oss.yml +++ b/testing/environments/snapshot-oss.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.13.0-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.12.0-SNAPSHOT healthcheck: test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] retries: 300 @@ -15,7 +15,7 @@ services: - "http.host=0.0.0.0" logstash: - image: docker.elastic.co/logstash/logstash-oss:7.13.0-SNAPSHOT + image: docker.elastic.co/logstash/logstash-oss:7.12.0-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -25,7 +25,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana-oss:7.13.0-SNAPSHOT + image: docker.elastic.co/kibana/kibana-oss:7.12.0-SNAPSHOT healthcheck: test: ["CMD-SHELL", "curl -s http://localhost:5601/api/status | grep -q 'Looking good'"] retries: 600 diff --git a/winlogbeat/eventlog/eventlog.go b/winlogbeat/eventlog/eventlog.go index 88bd4f5fabcc..43b0b98d0943 100644 --- a/winlogbeat/eventlog/eventlog.go +++ b/winlogbeat/eventlog/eventlog.go @@ -92,8 +92,9 @@ func (e Record) ToEvent() beat.Event { // ECS data m.Put("event.created", time.Now()) + eventCode, _ := win.GetValue("event_id") + m.Put("event.code", eventCode) m.Put("event.kind", "event") - m.Put("event.code", e.EventIdentifier.ID) m.Put("event.provider", e.Provider.Name) rename(m, "winlog.outcome", "event.outcome") diff --git a/winlogbeat/sys/winevent/event.go b/winlogbeat/sys/winevent/event.go index 8af8d0c9a759..9c342e73f480 100644 --- a/winlogbeat/sys/winevent/event.go +++ b/winlogbeat/sys/winevent/event.go @@ -98,7 +98,7 @@ func (e Event) Fields() common.MapStr { win := common.MapStr{} AddOptional(win, "channel", e.Channel) - AddOptional(win, "event_id", e.EventIdentifier.ID) + AddOptional(win, "event_id", fmt.Sprint(e.EventIdentifier.ID)) AddOptional(win, "provider_name", e.Provider.Name) AddOptional(win, "record_id", e.RecordID) AddOptional(win, "task", e.Task) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 8b06841ff708..347b8585d059 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -68,11 +68,10 @@ def test_read_unknown_event_id(self): wineventlog - Read unknown event ID """ msg = "Unknown event ID" - event_id = 1111 - self.write_event_log(msg, eventID=event_id) + self.write_event_log(msg, eventID=1111) evts = self.read_events() self.assertTrue(len(evts), 1) - self.assert_common_fields(evts[0], eventID=event_id, extra={ + self.assert_common_fields(evts[0], eventID="1111", extra={ "winlog.keywords": ["Classic"], "winlog.opcode": "Info", }) @@ -199,10 +198,10 @@ def test_query_event_id(self): ] }, expected_events=4) self.assertTrue(len(evts), 4) - self.assertEqual(evts[0]["winlog.event_id"], 50) - self.assertEqual(evts[1]["winlog.event_id"], 100) - self.assertEqual(evts[2]["winlog.event_id"], 175) - self.assertEqual(evts[3]["winlog.event_id"], 200) + self.assertEqual(evts[0]["winlog.event_id"], "50") + self.assertEqual(evts[1]["winlog.event_id"], "100") + self.assertEqual(evts[2]["winlog.event_id"], "175") + self.assertEqual(evts[3]["winlog.event_id"], "200") def test_query_level_single(self): """ @@ -270,8 +269,8 @@ def test_query_ignore_older(self): ] }) self.assertTrue(len(evts), 1) - self.assertEqual(evts[0]["winlog.event_id"], 10) - self.assertEqual(evts[0]["event.code"], 10) + self.assertEqual(evts[0]["winlog.event_id"], "10") + self.assertEqual(evts[0]["event.code"], "10") def test_query_provider(self): """ diff --git a/winlogbeat/tests/system/winlogbeat.py b/winlogbeat/tests/system/winlogbeat.py index 38891c32768f..e9a67670a8ca 100644 --- a/winlogbeat/tests/system/winlogbeat.py +++ b/winlogbeat/tests/system/winlogbeat.py @@ -135,7 +135,7 @@ def read_registry(self, requireBookmark=False): return event_logs - def assert_common_fields(self, evt, msg=None, eventID=10, sid=None, + def assert_common_fields(self, evt, msg=None, eventID="10", sid=None, level="information", extra=None): assert host_name(evt["winlog.computer_name"]).lower() == host_name(platform.node()).lower() diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/400.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/400.evtx.golden.json index 9d75f5aa04f8..4e6582e6cd29 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/400.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/400.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 400, + "code": "400", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -46,7 +46,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 400, + "event_id": "400", "keywords": [ "Classic" ], @@ -63,7 +63,7 @@ "category": [ "process" ], - "code": 400, + "code": "400", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -105,7 +105,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 400, + "event_id": "400", "keywords": [ "Classic" ], @@ -122,7 +122,7 @@ "category": [ "process" ], - "code": 400, + "code": "400", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -162,7 +162,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 400, + "event_id": "400", "keywords": [ "Classic" ], @@ -179,7 +179,7 @@ "category": [ "process" ], - "code": 400, + "code": "400", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -213,7 +213,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 400, + "event_id": "400", "keywords": [ "Classic" ], diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/403.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/403.evtx.golden.json index 0d1795bda3f1..5c0c895856f7 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/403.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/403.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 403, + "code": "403", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -45,7 +45,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 403, + "event_id": "403", "keywords": [ "Classic" ], @@ -62,7 +62,7 @@ "category": [ "process" ], - "code": 403, + "code": "403", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -102,7 +102,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 403, + "event_id": "403", "keywords": [ "Classic" ], @@ -119,7 +119,7 @@ "category": [ "process" ], - "code": 403, + "code": "403", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -166,7 +166,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 403, + "event_id": "403", "keywords": [ "Classic" ], @@ -183,7 +183,7 @@ "category": [ "process" ], - "code": 403, + "code": "403", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -217,7 +217,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 403, + "event_id": "403", "keywords": [ "Classic" ], diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json index c6c186bd12e2..46d290b1f5ad 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4103.evtx.golden.json @@ -12,7 +12,7 @@ "category": [ "process" ], - "code": 4103, + "code": "4103", "kind": "event", "module": "powershell", "provider": "Microsoft-Windows-PowerShell", @@ -94,7 +94,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-PowerShell/Operational", "computer_name": "vagrant", - "event_id": 4103, + "event_id": "4103", "opcode": "To be used when operation is just executing a method", "process": { "pid": 3984, @@ -119,7 +119,7 @@ "category": [ "process" ], - "code": 4103, + "code": "4103", "kind": "event", "module": "powershell", "provider": "Microsoft-Windows-PowerShell", @@ -217,7 +217,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-PowerShell/Operational", "computer_name": "vagrant", - "event_id": 4103, + "event_id": "4103", "opcode": "To be used when operation is just executing a method", "process": { "pid": 5032, diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json index 3c2af0061853..94621ee16e17 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4104.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 4104, + "code": "4104", "kind": "event", "module": "powershell", "provider": "Microsoft-Windows-PowerShell", @@ -36,7 +36,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-PowerShell/Operational", "computer_name": "vagrant", - "event_id": 4104, + "event_id": "4104", "opcode": "On create calls", "process": { "pid": 4844, @@ -61,7 +61,7 @@ "category": [ "process" ], - "code": 4104, + "code": "4104", "kind": "event", "module": "powershell", "provider": "Microsoft-Windows-PowerShell", @@ -96,7 +96,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-PowerShell/Operational", "computer_name": "vagrant", - "event_id": 4104, + "event_id": "4104", "opcode": "On create calls", "process": { "pid": 4844, diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json index f19c03b5abc7..09f158eb7ca7 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4105.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 4105, + "code": "4105", "kind": "event", "module": "powershell", "provider": "Microsoft-Windows-PowerShell", @@ -34,7 +34,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-PowerShell/Operational", "computer_name": "vagrant", - "event_id": 4105, + "event_id": "4105", "opcode": "On create calls", "process": { "pid": 4204, diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json index 117c907387e6..bca224a07ce2 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/4106.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 4106, + "code": "4106", "kind": "event", "module": "powershell", "provider": "Microsoft-Windows-PowerShell", @@ -34,7 +34,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-PowerShell/Operational", "computer_name": "vagrant", - "event_id": 4106, + "event_id": "4106", "opcode": "On create calls", "process": { "pid": 4776, diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/600.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/600.evtx.golden.json index 9a008ac3b2dc..c6fa28aab3d9 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/600.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/600.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 600, + "code": "600", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -49,7 +49,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 600, + "event_id": "600", "keywords": [ "Classic" ], @@ -66,7 +66,7 @@ "category": [ "process" ], - "code": 600, + "code": "600", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -106,7 +106,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 600, + "event_id": "600", "keywords": [ "Classic" ], @@ -123,7 +123,7 @@ "category": [ "process" ], - "code": 600, + "code": "600", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -155,7 +155,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 600, + "event_id": "600", "keywords": [ "Classic" ], diff --git a/x-pack/winlogbeat/module/powershell/test/testdata/800.evtx.golden.json b/x-pack/winlogbeat/module/powershell/test/testdata/800.evtx.golden.json index 505a11b48af9..48b36cc8e2ae 100644 --- a/x-pack/winlogbeat/module/powershell/test/testdata/800.evtx.golden.json +++ b/x-pack/winlogbeat/module/powershell/test/testdata/800.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 800, + "code": "800", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -91,7 +91,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant-2019", - "event_id": 800, + "event_id": "800", "keywords": [ "Classic" ], @@ -108,7 +108,7 @@ "category": [ "process" ], - "code": 800, + "code": "800", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -174,7 +174,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 800, + "event_id": "800", "keywords": [ "Classic" ], @@ -191,7 +191,7 @@ "category": [ "process" ], - "code": 800, + "code": "800", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -268,7 +268,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 800, + "event_id": "800", "keywords": [ "Classic" ], @@ -285,7 +285,7 @@ "category": [ "process" ], - "code": 800, + "code": "800", "kind": "event", "module": "powershell", "provider": "PowerShell", @@ -350,7 +350,7 @@ "api": "wineventlog", "channel": "Windows PowerShell", "computer_name": "vagrant", - "event_id": 800, + "event_id": "800", "keywords": [ "Classic" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/1100.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/1100.evtx.golden.json index 929282d24a16..1f9244e47b86 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/1100.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/1100.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 1100, + "code": "1100", "kind": "event", "module": "security", "outcome": "success", @@ -25,7 +25,7 @@ "api": "wineventlog", "channel": "Security", "computer_name": "WIN-41OB2LO92CR.wlbeat.local", - "event_id": 1100, + "event_id": "1100", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/1102.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/1102.evtx.golden.json index e0e3bb599d96..e65b84849db1 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/1102.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/1102.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 1102, + "code": "1102", "kind": "event", "module": "security", "outcome": "success", @@ -34,7 +34,7 @@ "api": "wineventlog", "channel": "Security", "computer_name": "WIN-41OB2LO92CR.wlbeat.local", - "event_id": 1102, + "event_id": "1102", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/1104.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/1104.evtx.golden.json index 11bb240e29d6..53e3d2d85c7f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/1104.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/1104.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 1104, + "code": "1104", "kind": "event", "module": "security", "outcome": "success", @@ -25,7 +25,7 @@ "api": "wineventlog", "channel": "Security", "computer_name": "WIN-41OB2LO92CR.wlbeat.local", - "event_id": 1104, + "event_id": "1104", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/1105.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/1105.evtx.golden.json index fe2e74b71025..3dd8eea6c62d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/1105.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/1105.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 1105, + "code": "1105", "kind": "event", "module": "security", "outcome": "success", @@ -25,7 +25,7 @@ "api": "wineventlog", "channel": "Security", "computer_name": "WIN-41OB2LO92CR.wlbeat.local", - "event_id": 1105, + "event_id": "1105", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4670_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4670_WindowsSrv2016.evtx.golden.json index 0666a8b5ac8b..01df17a0767f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4670_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4670_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4670, + "code": "4670", "kind": "event", "module": "security", "outcome": "success", @@ -57,7 +57,7 @@ "SubjectUserName": "WIN-BVM4LI1L1Q6$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4670, + "event_id": "4670", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4706_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4706_WindowsSrv2016.evtx.golden.json index 7cdf639ce487..8f81e3e5f427 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4706_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4706_WindowsSrv2016.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "configuration" ], - "code": 4706, + "code": "4706", "kind": "event", "module": "security", "outcome": "success", @@ -46,7 +46,7 @@ "TdoDirection": "3", "TdoType": "3" }, - "event_id": 4706, + "event_id": "4706", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4707_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4707_WindowsSrv2016.evtx.golden.json index d16ff334435e..71e408d7aba6 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4707_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4707_WindowsSrv2016.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "configuration" ], - "code": 4707, + "code": "4707", "kind": "event", "module": "security", "outcome": "success", @@ -41,7 +41,7 @@ "SubjectUserName": "Administrator", "SubjectUserSid": "S-1-5-21-2024912787-2692429404-2351956786-500" }, - "event_id": 4707, + "event_id": "4707", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4713_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4713_WindowsSrv2016.evtx.golden.json index 9dcfe4ddb592..0c935d1c79b8 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4713_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4713_WindowsSrv2016.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "configuration" ], - "code": 4713, + "code": "4713", "kind": "event", "module": "security", "outcome": "success", @@ -41,7 +41,7 @@ "SubjectUserName": "WIN-BVM4LI1L1Q6$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4713, + "event_id": "4713", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4716_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4716_WindowsSrv2016.evtx.golden.json index 6e43b04c6f36..854155dd9b76 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4716_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4716_WindowsSrv2016.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "configuration" ], - "code": 4716, + "code": "4716", "kind": "event", "module": "security", "outcome": "success", @@ -46,7 +46,7 @@ "TdoDirection": "3", "TdoType": "3" }, - "event_id": 4716, + "event_id": "4716", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4717_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4717_WindowsSrv2016.evtx.golden.json index fe3d49133e01..b8cdb29aef6a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4717_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4717_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4717, + "code": "4717", "kind": "event", "module": "security", "outcome": "success", @@ -44,7 +44,7 @@ "SubjectUserSid": "S-1-5-18", "TargetSid": "S-1-5-9" }, - "event_id": 4717, + "event_id": "4717", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4718_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4718_WindowsSrv2016.evtx.golden.json index 6e5fc0f6d54d..f6a9d5e5f11b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4718_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4718_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4718, + "code": "4718", "kind": "event", "module": "security", "outcome": "success", @@ -44,7 +44,7 @@ "SubjectUserSid": "S-1-5-18", "TargetSid": "S-1-5-32-545" }, - "event_id": 4718, + "event_id": "4718", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4719.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4719.evtx.golden.json index d7880b5b8a20..98dfdac7e0c0 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4719.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4719.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4719, + "code": "4719", "kind": "event", "module": "security", "outcome": "success", @@ -52,7 +52,7 @@ "SubjectUserName": "WIN-41OB2LO92CR$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4719, + "event_id": "4719", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4719_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4719_WindowsSrv2016.evtx.golden.json index 4bc9323ce3ff..67de3cde4ece 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4719_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4719_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4719, + "code": "4719", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "SubjectUserName": "Administrator", "SubjectUserSid": "S-1-5-21-2024912787-2692429404-2351956786-500" }, - "event_id": 4719, + "event_id": "4719", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4739_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4739_WindowsSrv2016.evtx.golden.json index 4035618ea1de..5f42d66c8b74 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4739_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4739_WindowsSrv2016.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "configuration" ], - "code": 4739, + "code": "4739", "kind": "event", "module": "security", "outcome": "success", @@ -48,7 +48,7 @@ "SubjectUserName": "WIN-BVM4LI1L1Q6$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4739, + "event_id": "4739", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4741.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4741.evtx.golden.json index 72f4a2095ed7..6a63c8b5498f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4741.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4741.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4741, + "code": "4741", "kind": "event", "module": "security", "outcome": "success", @@ -79,7 +79,7 @@ "UserPrincipalName": "-", "UserWorkstations": "-" }, - "event_id": 4741, + "event_id": "4741", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4742.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4742.evtx.golden.json index 1fd4de6cdd7d..f082165f553a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4742.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4742.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4742, + "code": "4742", "kind": "event", "module": "security", "outcome": "success", @@ -77,7 +77,7 @@ "UserPrincipalName": "-", "UserWorkstations": "-" }, - "event_id": 4742, + "event_id": "4742", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4743.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4743.evtx.golden.json index 78c6fa10a44f..dac7143a0532 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4743.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4743.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4743, + "code": "4743", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2902", "TargetUserName": "TESTCOMPUTEROBJ$" }, - "event_id": 4743, + "event_id": "4743", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json index 1c7d689ef4b4..21d74faa49ef 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4744.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4744, + "code": "4744", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2903", "TargetUserName": "testdistlocal" }, - "event_id": 4744, + "event_id": "4744", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json index a19ba89ec839..243a144f3bdc 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4745.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4745, + "code": "4745", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2903", "TargetUserName": "testdistlocal1" }, - "event_id": 4745, + "event_id": "4745", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json index be20ce400a48..d3dbd3d19b52 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4746.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4746, + "code": "4746", "kind": "event", "module": "security", "outcome": "success", @@ -62,7 +62,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2903", "TargetUserName": "testdistlocal1" }, - "event_id": 4746, + "event_id": "4746", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json index c903452389dd..41b67ea75f61 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4747.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4747, + "code": "4747", "kind": "event", "module": "security", "outcome": "success", @@ -62,7 +62,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2903", "TargetUserName": "testdistlocal1" }, - "event_id": 4747, + "event_id": "4747", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json index 3d620a576f07..d7c141fafb34 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4748.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4748, + "code": "4748", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2903", "TargetUserName": "testdistlocal1" }, - "event_id": 4748, + "event_id": "4748", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json index c1409cf74117..5e6814e3ca1b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4749.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4749, + "code": "4749", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2904", "TargetUserName": "testglobal" }, - "event_id": 4749, + "event_id": "4749", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json index aabca7b49f0c..078264fa437b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4750.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4750, + "code": "4750", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2904", "TargetUserName": "testglobal1" }, - "event_id": 4750, + "event_id": "4750", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json index 0e9aa9016991..e838da29e549 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4751.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4751, + "code": "4751", "kind": "event", "module": "security", "outcome": "success", @@ -62,7 +62,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2904", "TargetUserName": "testglobal1" }, - "event_id": 4751, + "event_id": "4751", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json index 76fb4727e1f5..37544b89cbe0 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4752.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4752, + "code": "4752", "kind": "event", "module": "security", "outcome": "success", @@ -62,7 +62,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2904", "TargetUserName": "testglobal1" }, - "event_id": 4752, + "event_id": "4752", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json index df5d283bb3cf..03fc30897eb7 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4753.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4753, + "code": "4753", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2904", "TargetUserName": "testglobal1" }, - "event_id": 4753, + "event_id": "4753", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json index ed306992f890..3d187783adaa 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4759.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4759, + "code": "4759", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2905", "TargetUserName": "testuni" }, - "event_id": 4759, + "event_id": "4759", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json index b3842d0b7c71..0ebcf954136b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4760.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4760, + "code": "4760", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2905", "TargetUserName": "testuni2" }, - "event_id": 4760, + "event_id": "4760", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json index 3c177519316e..3c7563a75dee 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4761.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4761, + "code": "4761", "kind": "event", "module": "security", "outcome": "success", @@ -62,7 +62,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2905", "TargetUserName": "testuni2" }, - "event_id": 4761, + "event_id": "4761", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json index b31bf25e3f8e..5ff88d4e7c6d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4762.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4762, + "code": "4762", "kind": "event", "module": "security", "outcome": "success", @@ -62,7 +62,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2905", "TargetUserName": "testuni2" }, - "event_id": 4762, + "event_id": "4762", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json index cb288f808ee4..7ccc6fd7af19 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4763.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4763, + "code": "4763", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "TargetSid": "S-1-5-21-1717121054-434620538-60925301-2905", "TargetUserName": "testuni2" }, - "event_id": 4763, + "event_id": "4763", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4817_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4817_WindowsSrv2016.evtx.golden.json index 71607b7242c0..ee535792e69c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4817_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4817_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4817, + "code": "4817", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "SubjectUserName": "WIN-BVM4LI1L1Q6$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4817, + "event_id": "4817", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4902_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4902_WindowsSrv2016.evtx.golden.json index 0c21de310ab1..8e8140a27ee3 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4902_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4902_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4902, + "code": "4902", "kind": "event", "module": "security", "outcome": "success", @@ -31,7 +31,7 @@ "PuaCount": "0", "PuaPolicyId": "0x9fd2" }, - "event_id": 4902, + "event_id": "4902", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4904_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4904_WindowsSrv2016.evtx.golden.json index cb92cffa1b22..8c11f07c03dd 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4904_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4904_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4904, + "code": "4904", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "SubjectUserName": "WIN-BVM4LI1L1Q6$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4904, + "event_id": "4904", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4905_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4905_WindowsSrv2016.evtx.golden.json index 7b5c2e7c0c7e..4698280b1814 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4905_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4905_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4905, + "code": "4905", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "SubjectUserName": "WIN-BVM4LI1L1Q6$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4905, + "event_id": "4905", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4906_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4906_WindowsSrv2016.evtx.golden.json index 9711989c89ef..4cb2d598a107 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4906_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4906_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4906, + "code": "4906", "kind": "event", "module": "security", "outcome": "success", @@ -30,7 +30,7 @@ "event_data": { "CrashOnAuditFailValue": "1" }, - "event_id": 4906, + "event_id": "4906", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4907_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4907_WindowsSrv2016.evtx.golden.json index 32dd648fc2a5..14d46cdaed94 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4907_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4907_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4907, + "code": "4907", "kind": "event", "module": "security", "outcome": "success", @@ -52,7 +52,7 @@ "SubjectUserName": "WIN-BVM4LI1L1Q6$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4907, + "event_id": "4907", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/4908_WindowsSrv2016.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/4908_WindowsSrv2016.evtx.golden.json index fcbdbce1d3db..95226ee04fe2 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/4908_WindowsSrv2016.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/4908_WindowsSrv2016.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4908, + "code": "4908", "kind": "event", "module": "security", "outcome": "success", @@ -38,7 +38,7 @@ "S-1-5-32-123-54-65" ] }, - "event_id": 4908, + "event_id": "4908", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4673.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4673.evtx.golden.json index 2eb6bbedc4d5..58c8cf3a943b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4673.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4673.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4673, + "code": "4673", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "SubjectUserName": "DC_TEST2K12$", "SubjectUserSid": "S-1-5-18" }, - "event_id": 4673, + "event_id": "4673", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4674.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4674.evtx.golden.json index 04ae7f02b4af..ed2322be1d07 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4674.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4674.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4674, + "code": "4674", "kind": "event", "module": "security", "outcome": "success", @@ -59,7 +59,7 @@ "SubjectUserName": "at_adm", "SubjectUserSid": "S-1-5-21-1717121054-434620538-60925301-2794" }, - "event_id": 4674, + "event_id": "4674", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4697.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4697.evtx.golden.json index 8694d6363d65..ba39ae77524b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4697.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4697.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4697, + "code": "4697", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "SubjectUserName": "Administrator", "SubjectUserSid": "S-1-5-21-101361758-2486510592-3018839910-500" }, - "event_id": 4697, + "event_id": "4697", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4698.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4698.evtx.golden.json index 8f1fe3c57d80..91f5f7b2623b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4698.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4698.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4698, + "code": "4698", "kind": "event", "module": "security", "outcome": "success", @@ -43,7 +43,7 @@ "TaskContent": "\u003c?xml version=\"1.0\" encoding=\"UTF-16\"?\u003e\n\u003cTask version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\"\u003e\n \u003cRegistrationInfo\u003e\n \u003cDate\u003e2020-04-01T16:34:34.574883\u003c/Date\u003e\n \u003cAuthor\u003eTEST\\at_adm\u003c/Author\u003e\n \u003c/RegistrationInfo\u003e\n \u003cTriggers\u003e\n \u003cTimeTrigger\u003e\n \u003cStartBoundary\u003e2020-04-01T16:33:41.3123848\u003c/StartBoundary\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003c/TimeTrigger\u003e\n \u003c/Triggers\u003e\n \u003cPrincipals\u003e\n \u003cPrincipal id=\"Author\"\u003e\n \u003cRunLevel\u003eLeastPrivilege\u003c/RunLevel\u003e\n \u003cUserId\u003eTEST\\at_adm\u003c/UserId\u003e\n \u003cLogonType\u003eInteractiveToken\u003c/LogonType\u003e\n \u003c/Principal\u003e\n \u003c/Principals\u003e\n \u003cSettings\u003e\n \u003cMultipleInstancesPolicy\u003eIgnoreNew\u003c/MultipleInstancesPolicy\u003e\n \u003cDisallowStartIfOnBatteries\u003etrue\u003c/DisallowStartIfOnBatteries\u003e\n \u003cStopIfGoingOnBatteries\u003etrue\u003c/StopIfGoingOnBatteries\u003e\n \u003cAllowHardTerminate\u003etrue\u003c/AllowHardTerminate\u003e\n \u003cStartWhenAvailable\u003efalse\u003c/StartWhenAvailable\u003e\n \u003cRunOnlyIfNetworkAvailable\u003efalse\u003c/RunOnlyIfNetworkAvailable\u003e\n \u003cIdleSettings\u003e\n \u003cStopOnIdleEnd\u003etrue\u003c/StopOnIdleEnd\u003e\n \u003cRestartOnIdle\u003efalse\u003c/RestartOnIdle\u003e\n \u003c/IdleSettings\u003e\n \u003cAllowStartOnDemand\u003etrue\u003c/AllowStartOnDemand\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003cHidden\u003efalse\u003c/Hidden\u003e\n \u003cRunOnlyIfIdle\u003efalse\u003c/RunOnlyIfIdle\u003e\n \u003cWakeToRun\u003efalse\u003c/WakeToRun\u003e\n \u003cExecutionTimeLimit\u003eP3D\u003c/ExecutionTimeLimit\u003e\n \u003cPriority\u003e7\u003c/Priority\u003e\n \u003c/Settings\u003e\n \u003cActions Context=\"Author\"\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\calc.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\mspaint.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003c/Actions\u003e\n\u003c/Task\u003e", "TaskName": "\\test1" }, - "event_id": 4698, + "event_id": "4698", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4699.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4699.evtx.golden.json index 318bd8e90f98..6698fcaa5055 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4699.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4699.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4699, + "code": "4699", "kind": "event", "module": "security", "outcome": "success", @@ -43,7 +43,7 @@ "TaskContent": "\u003c?xml version=\"1.0\" encoding=\"UTF-16\"?\u003e\n\u003cTask version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\"\u003e\n \u003cRegistrationInfo\u003e\n \u003cDate\u003e2020-04-01T16:34:34.574883\u003c/Date\u003e\n \u003cAuthor\u003eTEST\\at_adm\u003c/Author\u003e\n \u003c/RegistrationInfo\u003e\n \u003cTriggers\u003e\n \u003cTimeTrigger\u003e\n \u003cStartBoundary\u003e2020-04-01T16:33:41.3123848\u003c/StartBoundary\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003c/TimeTrigger\u003e\n \u003c/Triggers\u003e\n \u003cPrincipals\u003e\n \u003cPrincipal id=\"Author\"\u003e\n \u003cRunLevel\u003eLeastPrivilege\u003c/RunLevel\u003e\n \u003cUserId\u003eTEST\\at_adm\u003c/UserId\u003e\n \u003cLogonType\u003eInteractiveToken\u003c/LogonType\u003e\n \u003c/Principal\u003e\n \u003c/Principals\u003e\n \u003cSettings\u003e\n \u003cMultipleInstancesPolicy\u003eIgnoreNew\u003c/MultipleInstancesPolicy\u003e\n \u003cDisallowStartIfOnBatteries\u003etrue\u003c/DisallowStartIfOnBatteries\u003e\n \u003cStopIfGoingOnBatteries\u003etrue\u003c/StopIfGoingOnBatteries\u003e\n \u003cAllowHardTerminate\u003etrue\u003c/AllowHardTerminate\u003e\n \u003cStartWhenAvailable\u003efalse\u003c/StartWhenAvailable\u003e\n \u003cRunOnlyIfNetworkAvailable\u003efalse\u003c/RunOnlyIfNetworkAvailable\u003e\n \u003cIdleSettings\u003e\n \u003cStopOnIdleEnd\u003etrue\u003c/StopOnIdleEnd\u003e\n \u003cRestartOnIdle\u003efalse\u003c/RestartOnIdle\u003e\n \u003c/IdleSettings\u003e\n \u003cAllowStartOnDemand\u003etrue\u003c/AllowStartOnDemand\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003cHidden\u003efalse\u003c/Hidden\u003e\n \u003cRunOnlyIfIdle\u003efalse\u003c/RunOnlyIfIdle\u003e\n \u003cWakeToRun\u003efalse\u003c/WakeToRun\u003e\n \u003cExecutionTimeLimit\u003eP3D\u003c/ExecutionTimeLimit\u003e\n \u003cPriority\u003e7\u003c/Priority\u003e\n \u003c/Settings\u003e\n \u003cActions Context=\"Author\"\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\calc.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003c/Actions\u003e\n\u003c/Task\u003e", "TaskName": "\\test1" }, - "event_id": 4699, + "event_id": "4699", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4700.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4700.evtx.golden.json index 9f6c1049bbbe..6dddbae12c0c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4700.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4700.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4700, + "code": "4700", "kind": "event", "module": "security", "outcome": "success", @@ -43,7 +43,7 @@ "TaskContent": "\u003c?xml version=\"1.0\" encoding=\"UTF-16\"?\u003e\n\u003cTask version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\"\u003e\n \u003cRegistrationInfo\u003e\n \u003cDate\u003e2020-04-01T16:34:34.574883\u003c/Date\u003e\n \u003cAuthor\u003eTEST\\at_adm\u003c/Author\u003e\n \u003c/RegistrationInfo\u003e\n \u003cTriggers\u003e\n \u003cTimeTrigger\u003e\n \u003cStartBoundary\u003e2020-04-01T16:33:41.3123848\u003c/StartBoundary\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003c/TimeTrigger\u003e\n \u003c/Triggers\u003e\n \u003cPrincipals\u003e\n \u003cPrincipal id=\"Author\"\u003e\n \u003cRunLevel\u003eLeastPrivilege\u003c/RunLevel\u003e\n \u003cUserId\u003eTEST\\at_adm\u003c/UserId\u003e\n \u003cLogonType\u003eInteractiveToken\u003c/LogonType\u003e\n \u003c/Principal\u003e\n \u003c/Principals\u003e\n \u003cSettings\u003e\n \u003cMultipleInstancesPolicy\u003eIgnoreNew\u003c/MultipleInstancesPolicy\u003e\n \u003cDisallowStartIfOnBatteries\u003etrue\u003c/DisallowStartIfOnBatteries\u003e\n \u003cStopIfGoingOnBatteries\u003etrue\u003c/StopIfGoingOnBatteries\u003e\n \u003cAllowHardTerminate\u003etrue\u003c/AllowHardTerminate\u003e\n \u003cStartWhenAvailable\u003efalse\u003c/StartWhenAvailable\u003e\n \u003cRunOnlyIfNetworkAvailable\u003efalse\u003c/RunOnlyIfNetworkAvailable\u003e\n \u003cIdleSettings\u003e\n \u003cStopOnIdleEnd\u003etrue\u003c/StopOnIdleEnd\u003e\n \u003cRestartOnIdle\u003efalse\u003c/RestartOnIdle\u003e\n \u003c/IdleSettings\u003e\n \u003cAllowStartOnDemand\u003etrue\u003c/AllowStartOnDemand\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003cHidden\u003efalse\u003c/Hidden\u003e\n \u003cRunOnlyIfIdle\u003efalse\u003c/RunOnlyIfIdle\u003e\n \u003cWakeToRun\u003efalse\u003c/WakeToRun\u003e\n \u003cExecutionTimeLimit\u003eP3D\u003c/ExecutionTimeLimit\u003e\n \u003cPriority\u003e7\u003c/Priority\u003e\n \u003c/Settings\u003e\n \u003cActions Context=\"Author\"\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\calc.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\mspaint.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003c/Actions\u003e\n\u003c/Task\u003e", "TaskName": "\\test1" }, - "event_id": 4700, + "event_id": "4700", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4701.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4701.evtx.golden.json index 5798c71db6a2..84053e9367b1 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4701.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4701.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4701, + "code": "4701", "kind": "event", "module": "security", "outcome": "success", @@ -43,7 +43,7 @@ "TaskContent": "\u003c?xml version=\"1.0\" encoding=\"UTF-16\"?\u003e\n\u003cTask version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\"\u003e\n \u003cRegistrationInfo\u003e\n \u003cDate\u003e2020-04-01T16:34:34.574883\u003c/Date\u003e\n \u003cAuthor\u003eTEST\\at_adm\u003c/Author\u003e\n \u003c/RegistrationInfo\u003e\n \u003cTriggers\u003e\n \u003cTimeTrigger\u003e\n \u003cStartBoundary\u003e2020-04-01T16:33:41.3123848\u003c/StartBoundary\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003c/TimeTrigger\u003e\n \u003c/Triggers\u003e\n \u003cPrincipals\u003e\n \u003cPrincipal id=\"Author\"\u003e\n \u003cRunLevel\u003eLeastPrivilege\u003c/RunLevel\u003e\n \u003cUserId\u003eTEST\\at_adm\u003c/UserId\u003e\n \u003cLogonType\u003eInteractiveToken\u003c/LogonType\u003e\n \u003c/Principal\u003e\n \u003c/Principals\u003e\n \u003cSettings\u003e\n \u003cMultipleInstancesPolicy\u003eIgnoreNew\u003c/MultipleInstancesPolicy\u003e\n \u003cDisallowStartIfOnBatteries\u003etrue\u003c/DisallowStartIfOnBatteries\u003e\n \u003cStopIfGoingOnBatteries\u003etrue\u003c/StopIfGoingOnBatteries\u003e\n \u003cAllowHardTerminate\u003etrue\u003c/AllowHardTerminate\u003e\n \u003cStartWhenAvailable\u003efalse\u003c/StartWhenAvailable\u003e\n \u003cRunOnlyIfNetworkAvailable\u003efalse\u003c/RunOnlyIfNetworkAvailable\u003e\n \u003cIdleSettings\u003e\n \u003cStopOnIdleEnd\u003etrue\u003c/StopOnIdleEnd\u003e\n \u003cRestartOnIdle\u003efalse\u003c/RestartOnIdle\u003e\n \u003c/IdleSettings\u003e\n \u003cAllowStartOnDemand\u003etrue\u003c/AllowStartOnDemand\u003e\n \u003cEnabled\u003efalse\u003c/Enabled\u003e\n \u003cHidden\u003efalse\u003c/Hidden\u003e\n \u003cRunOnlyIfIdle\u003efalse\u003c/RunOnlyIfIdle\u003e\n \u003cWakeToRun\u003efalse\u003c/WakeToRun\u003e\n \u003cExecutionTimeLimit\u003eP3D\u003c/ExecutionTimeLimit\u003e\n \u003cPriority\u003e7\u003c/Priority\u003e\n \u003c/Settings\u003e\n \u003cActions Context=\"Author\"\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\calc.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\mspaint.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003c/Actions\u003e\n\u003c/Task\u003e", "TaskName": "\\test1" }, - "event_id": 4701, + "event_id": "4701", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4702.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4702.evtx.golden.json index 8dd278ef9e20..ff7b0391d181 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4702.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4702.evtx.golden.json @@ -7,7 +7,7 @@ "iam", "configuration" ], - "code": 4702, + "code": "4702", "kind": "event", "module": "security", "outcome": "success", @@ -43,7 +43,7 @@ "TaskContentNew": "\u003c?xml version=\"1.0\" encoding=\"UTF-16\"?\u003e\n\u003cTask version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\"\u003e\n \u003cRegistrationInfo\u003e\n \u003cDate\u003e2020-04-01T16:34:34.574883\u003c/Date\u003e\n \u003cAuthor\u003eTEST\\at_adm\u003c/Author\u003e\n \u003c/RegistrationInfo\u003e\n \u003cTriggers\u003e\n \u003cTimeTrigger\u003e\n \u003cStartBoundary\u003e2020-04-01T16:33:41.3123848\u003c/StartBoundary\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003c/TimeTrigger\u003e\n \u003c/Triggers\u003e\n \u003cPrincipals\u003e\n \u003cPrincipal id=\"Author\"\u003e\n \u003cRunLevel\u003eLeastPrivilege\u003c/RunLevel\u003e\n \u003cUserId\u003eTEST\\at_adm\u003c/UserId\u003e\n \u003cLogonType\u003eInteractiveToken\u003c/LogonType\u003e\n \u003c/Principal\u003e\n \u003c/Principals\u003e\n \u003cSettings\u003e\n \u003cMultipleInstancesPolicy\u003eIgnoreNew\u003c/MultipleInstancesPolicy\u003e\n \u003cDisallowStartIfOnBatteries\u003etrue\u003c/DisallowStartIfOnBatteries\u003e\n \u003cStopIfGoingOnBatteries\u003etrue\u003c/StopIfGoingOnBatteries\u003e\n \u003cAllowHardTerminate\u003etrue\u003c/AllowHardTerminate\u003e\n \u003cStartWhenAvailable\u003efalse\u003c/StartWhenAvailable\u003e\n \u003cRunOnlyIfNetworkAvailable\u003efalse\u003c/RunOnlyIfNetworkAvailable\u003e\n \u003cIdleSettings\u003e\n \u003cStopOnIdleEnd\u003etrue\u003c/StopOnIdleEnd\u003e\n \u003cRestartOnIdle\u003efalse\u003c/RestartOnIdle\u003e\n \u003c/IdleSettings\u003e\n \u003cAllowStartOnDemand\u003etrue\u003c/AllowStartOnDemand\u003e\n \u003cEnabled\u003etrue\u003c/Enabled\u003e\n \u003cHidden\u003efalse\u003c/Hidden\u003e\n \u003cRunOnlyIfIdle\u003efalse\u003c/RunOnlyIfIdle\u003e\n \u003cWakeToRun\u003efalse\u003c/WakeToRun\u003e\n \u003cExecutionTimeLimit\u003eP3D\u003c/ExecutionTimeLimit\u003e\n \u003cPriority\u003e7\u003c/Priority\u003e\n \u003c/Settings\u003e\n \u003cActions Context=\"Author\"\u003e\n \u003cExec\u003e\n \u003cCommand\u003e%windir%\\system32\\calc.exe\u003c/Command\u003e\n \u003c/Exec\u003e\n \u003c/Actions\u003e\n\u003c/Task\u003e", "TaskName": "\\test1" }, - "event_id": 4702, + "event_id": "4702", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4768.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4768.evtx.golden.json index 78815aa89b6a..e2c20d00775e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4768.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4768.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "authentication" ], - "code": 4768, + "code": "4768", "kind": "event", "module": "security", "outcome": "success", @@ -55,7 +55,7 @@ "Forwardable" ] }, - "event_id": 4768, + "event_id": "4768", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4769.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4769.evtx.golden.json index 19ad0578a38c..d9035b801162 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4769.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4769.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "authentication" ], - "code": 4769, + "code": "4769", "kind": "event", "module": "security", "outcome": "success", @@ -54,7 +54,7 @@ ], "TransmittedServices": "-" }, - "event_id": 4769, + "event_id": "4769", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4770.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4770.evtx.golden.json index 7e890105cc49..c5d65a65debb 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4770.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4770.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "authentication" ], - "code": 4770, + "code": "4770", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "Name-canonicalize" ] }, - "event_id": 4770, + "event_id": "4770", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4771.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4771.evtx.golden.json index 977ea0fe1168..37ac84f9b32f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4771.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4771.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "authentication" ], - "code": 4771, + "code": "4771", "kind": "event", "module": "security", "outcome": "failure", @@ -51,7 +51,7 @@ "Forwardable" ] }, - "event_id": 4771, + "event_id": "4771", "keywords": [ "Audit Failure" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4776.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4776.evtx.golden.json index 111da01ab3c7..1c6fd4532754 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4776.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4776.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "authentication" ], - "code": 4776, + "code": "4776", "kind": "event", "module": "security", "outcome": "success", @@ -37,7 +37,7 @@ "TargetUserName": "at_adm", "Workstation": "EQP01777" }, - "event_id": 4776, + "event_id": "4776", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json index 8f3d01584d63..54160cc68e94 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4778.evtx.golden.json @@ -7,7 +7,7 @@ "authentication", "session" ], - "code": 4778, + "code": "4778", "kind": "event", "module": "security", "outcome": "success", @@ -46,7 +46,7 @@ "LogonID": "0x76fea87", "SessionName": "RDP-Tcp#127" }, - "event_id": 4778, + "event_id": "4778", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json index 0c8fb8171a06..7f753b7e5fef 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012_4779.evtx.golden.json @@ -7,7 +7,7 @@ "authentication", "session" ], - "code": 4779, + "code": "4779", "kind": "event", "module": "security", "outcome": "success", @@ -46,7 +46,7 @@ "LogonID": "0x60d1ccb", "SessionName": "RDP-Tcp#116" }, - "event_id": 4779, + "event_id": "4779", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json index cb0d6220a4ed..745498c40d1a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2012r2-logon.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -61,7 +61,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -90,7 +90,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -145,7 +145,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -174,7 +174,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -232,7 +232,7 @@ "TargetUserSid": "S-1-5-21-3541430928-2051711210-1391384369-1001", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -261,7 +261,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -316,7 +316,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -345,7 +345,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -397,7 +397,7 @@ "TargetUserSid": "S-1-5-7", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -426,7 +426,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -478,7 +478,7 @@ "TargetUserSid": "S-1-5-21-3541430928-2051711210-1391384369-1001", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -507,7 +507,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -559,7 +559,7 @@ "TargetUserSid": "S-1-5-21-3541430928-2051711210-1391384369-1001", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -588,7 +588,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -640,7 +640,7 @@ "TargetUserSid": "S-1-5-21-3541430928-2051711210-1391384369-1001", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -669,7 +669,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -724,7 +724,7 @@ "TargetUserSid": "S-1-5-21-3541430928-2051711210-1391384369-1001", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -753,7 +753,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -808,7 +808,7 @@ "TargetUserSid": "S-1-5-90-2", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -837,7 +837,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -895,7 +895,7 @@ "TargetUserSid": "S-1-5-21-3541430928-2051711210-1391384369-1001", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -924,7 +924,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -979,7 +979,7 @@ "TargetUserSid": "S-1-5-90-3", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -1008,7 +1008,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -1063,7 +1063,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -1092,7 +1092,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -1147,7 +1147,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -1176,7 +1176,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -1231,7 +1231,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -1260,7 +1260,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -1315,7 +1315,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -1344,7 +1344,7 @@ "category": [ "authentication" ], - "code": 4624, + "code": "4624", "kind": "event", "module": "security", "outcome": "success", @@ -1399,7 +1399,7 @@ "TargetUserSid": "S-1-5-18", "TransmittedServices": "-" }, - "event_id": 4624, + "event_id": "4624", "keywords": [ "Audit Success" ], @@ -1428,7 +1428,7 @@ "category": [ "authentication" ], - "code": 4625, + "code": "4625", "kind": "event", "module": "security", "outcome": "failure", @@ -1483,7 +1483,7 @@ "TargetUserSid": "S-1-0-0", "TransmittedServices": "-" }, - "event_id": 4625, + "event_id": "4625", "keywords": [ "Audit Failure" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json index fe0c76dc0837..067fd84a0928 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-4672.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4672, + "code": "4672", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "SubjectUserName": "vagrant", "SubjectUserSid": "S-1-5-21-1766348727-1038078804-3833492317-1000" }, - "event_id": 4672, + "event_id": "4672", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json index 72a161d6eaf5..58ee48a1620e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016-logoff.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "authentication" ], - "code": 4634, + "code": "4634", "kind": "event", "module": "security", "outcome": "success", @@ -40,7 +40,7 @@ "TargetUserName": "audittest", "TargetUserSid": "S-1-5-21-101361758-2486510592-3018839910-1000" }, - "event_id": 4634, + "event_id": "4634", "keywords": [ "Audit Success" ], @@ -68,7 +68,7 @@ "category": [ "authentication" ], - "code": 4634, + "code": "4634", "kind": "event", "module": "security", "outcome": "success", @@ -102,7 +102,7 @@ "TargetUserName": "Administrator", "TargetUserSid": "S-1-5-21-101361758-2486510592-3018839910-500" }, - "event_id": 4634, + "event_id": "4634", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json index 88e4fe059916..57911917d9b4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4720_Account_Created.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4720, + "code": "4720", "kind": "event", "module": "security", "outcome": "success", @@ -74,7 +74,7 @@ "UserPrincipalName": "-", "UserWorkstations": "%%1793" }, - "event_id": 4720, + "event_id": "4720", "keywords": [ "Audit Success" ], @@ -101,7 +101,7 @@ "category": [ "iam" ], - "code": 4720, + "code": "4720", "kind": "event", "module": "security", "outcome": "success", @@ -169,7 +169,7 @@ "UserPrincipalName": "-", "UserWorkstations": "%%1793" }, - "event_id": 4720, + "event_id": "4720", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json index 2b4af852c53d..c2ae405fbe2d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4722_Account_Enabled.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4722, + "code": "4722", "kind": "event", "module": "security", "outcome": "success", @@ -47,7 +47,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1000", "TargetUserName": "audittest" }, - "event_id": 4722, + "event_id": "4722", "keywords": [ "Audit Success" ], @@ -74,7 +74,7 @@ "category": [ "iam" ], - "code": 4722, + "code": "4722", "kind": "event", "module": "security", "outcome": "success", @@ -115,7 +115,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1006", "TargetUserName": "audittest0609" }, - "event_id": 4722, + "event_id": "4722", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json index 9c53925a5d17..aec326c4990f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4723_Password_Change.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4723, + "code": "4723", "kind": "event", "module": "security", "outcome": "failure", @@ -45,7 +45,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-500", "TargetUserName": "Administrator" }, - "event_id": 4723, + "event_id": "4723", "keywords": [ "Audit Failure" ], @@ -72,7 +72,7 @@ "category": [ "iam" ], - "code": 4723, + "code": "4723", "kind": "event", "module": "security", "outcome": "success", @@ -111,7 +111,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-500", "TargetUserName": "Administrator" }, - "event_id": 4723, + "event_id": "4723", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json index 2aac136b15f0..c77b35a2bceb 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4724_Password_Reset.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4724, + "code": "4724", "kind": "event", "module": "security", "outcome": "success", @@ -47,7 +47,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1005", "TargetUserName": "elastictest1" }, - "event_id": 4724, + "event_id": "4724", "keywords": [ "Audit Success" ], @@ -74,7 +74,7 @@ "category": [ "iam" ], - "code": 4724, + "code": "4724", "kind": "event", "module": "security", "outcome": "success", @@ -115,7 +115,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1006", "TargetUserName": "audittest0609" }, - "event_id": 4724, + "event_id": "4724", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json index a834eb4cdda6..1acefb2632e4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4725_Account_Disabled.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4725, + "code": "4725", "kind": "event", "module": "security", "outcome": "success", @@ -47,7 +47,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1000", "TargetUserName": "audittest" }, - "event_id": 4725, + "event_id": "4725", "keywords": [ "Audit Success" ], @@ -74,7 +74,7 @@ "category": [ "iam" ], - "code": 4725, + "code": "4725", "kind": "event", "module": "security", "outcome": "success", @@ -115,7 +115,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1006", "TargetUserName": "audittest0609" }, - "event_id": 4725, + "event_id": "4725", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json index a896e204b239..113921ddf116 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4726_Account_Deleted.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4726, + "code": "4726", "kind": "event", "module": "security", "outcome": "success", @@ -48,7 +48,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1001", "TargetUserName": "audittest23" }, - "event_id": 4726, + "event_id": "4726", "keywords": [ "Audit Success" ], @@ -75,7 +75,7 @@ "category": [ "iam" ], - "code": 4726, + "code": "4726", "kind": "event", "module": "security", "outcome": "success", @@ -117,7 +117,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1000", "TargetUserName": "audittest" }, - "event_id": 4726, + "event_id": "4726", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json index cdd1450d86c4..b0d74712ed98 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4727.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4727, + "code": "4727", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1110", "TargetUserName": "DnsUpdateProxy" }, - "event_id": 4727, + "event_id": "4727", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json index c7e1105ac1cf..56f68012be81 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4728.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4728, + "code": "4728", "kind": "event", "module": "security", "outcome": "success", @@ -59,7 +59,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1112", "TargetUserName": "test_group2" }, - "event_id": 4728, + "event_id": "4728", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json index c9bf1f239694..e8700a9ab47e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4729.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4729, + "code": "4729", "kind": "event", "module": "security", "outcome": "success", @@ -59,7 +59,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1112", "TargetUserName": "test_group2v2" }, - "event_id": 4729, + "event_id": "4729", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json index 0c22e3a226d4..bd9445230a33 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4730.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4730, + "code": "4730", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1112", "TargetUserName": "test_group2v2" }, - "event_id": 4730, + "event_id": "4730", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json index dfd76b52414f..cc5d78683007 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4731.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4731, + "code": "4731", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1111", "TargetUserName": "test_group1" }, - "event_id": 4731, + "event_id": "4731", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json index 3768dc8e845b..e25f589d6ab2 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4732.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4732, + "code": "4732", "kind": "event", "module": "security", "outcome": "success", @@ -59,7 +59,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1111", "TargetUserName": "test_group1" }, - "event_id": 4732, + "event_id": "4732", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json index 43dafddae907..2c2db1bcc5aa 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4733.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4733, + "code": "4733", "kind": "event", "module": "security", "outcome": "success", @@ -59,7 +59,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1111", "TargetUserName": "test_group1" }, - "event_id": 4733, + "event_id": "4733", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json index 24089b7f65cc..1831a5920094 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4734.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4734, + "code": "4734", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1111", "TargetUserName": "test_group1v1" }, - "event_id": 4734, + "event_id": "4734", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json index 37c7ec70a687..019d650e0009 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4735.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4735, + "code": "4735", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1111", "TargetUserName": "test_group1v1" }, - "event_id": 4735, + "event_id": "4735", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json index 0eb1d5a9b482..8009d1985370 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4737.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4737, + "code": "4737", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1112", "TargetUserName": "test_group2v2" }, - "event_id": 4737, + "event_id": "4737", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json index b5d06e4abefb..f32e127117b7 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4738_Account_Changed.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4738, + "code": "4738", "kind": "event", "module": "security", "outcome": "success", @@ -73,7 +73,7 @@ "UserPrincipalName": "-", "UserWorkstations": "%%1793" }, - "event_id": 4738, + "event_id": "4738", "keywords": [ "Audit Success" ], @@ -100,7 +100,7 @@ "category": [ "iam" ], - "code": 4738, + "code": "4738", "kind": "event", "module": "security", "outcome": "success", @@ -167,7 +167,7 @@ "UserPrincipalName": "-", "UserWorkstations": "%%1793" }, - "event_id": 4738, + "event_id": "4738", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json index 5a867b707c67..6dc0514e838a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4740_Account_Locked_Out.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4740, + "code": "4740", "kind": "event", "module": "security", "outcome": "success", @@ -47,7 +47,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1005", "TargetUserName": "elastictest1" }, - "event_id": 4740, + "event_id": "4740", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json index 63dd5670366d..6e6839ba3808 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4754.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4754, + "code": "4754", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1113", "TargetUserName": "Test_group3" }, - "event_id": 4754, + "event_id": "4754", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json index 22a5fd75508c..c5102a887013 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4755.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4755, + "code": "4755", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1113", "TargetUserName": "Test_group3v2" }, - "event_id": 4755, + "event_id": "4755", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json index 3402221270b1..f9ac68771e9a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4756.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4756, + "code": "4756", "kind": "event", "module": "security", "outcome": "success", @@ -59,7 +59,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1113", "TargetUserName": "Test_group3v2" }, - "event_id": 4756, + "event_id": "4756", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json index 765601106302..b4a7d4639c9a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4757.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4757, + "code": "4757", "kind": "event", "module": "security", "outcome": "success", @@ -59,7 +59,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1113", "TargetUserName": "Test_group3v2" }, - "event_id": 4757, + "event_id": "4757", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json index 54dd5ddcf7eb..65df4a27ada5 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4758.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4758, + "code": "4758", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1113", "TargetUserName": "Test_group3v2" }, - "event_id": 4758, + "event_id": "4758", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json index ff37d5288886..76d78d4ff4e3 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4764.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4764, + "code": "4764", "kind": "event", "module": "security", "outcome": "success", @@ -50,7 +50,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1112", "TargetUserName": "test_group2v2" }, - "event_id": 4764, + "event_id": "4764", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json index a11942a3d7e7..c4bfe8b056f2 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4767_Account_Unlocked.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4767, + "code": "4767", "kind": "event", "module": "security", "outcome": "success", @@ -47,7 +47,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1005", "TargetUserName": "elastictest1" }, - "event_id": 4767, + "event_id": "4767", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json index 546c70cd36b7..91b49e271f61 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4781_Account_Renamed.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4781, + "code": "4781", "kind": "event", "module": "security", "outcome": "success", @@ -50,7 +50,7 @@ "TargetDomainName": "WIN-41OB2LO92CR", "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1006" }, - "event_id": 4781, + "event_id": "4781", "keywords": [ "Audit Success" ], @@ -77,7 +77,7 @@ "category": [ "iam" ], - "code": 4781, + "code": "4781", "kind": "event", "module": "security", "outcome": "success", @@ -121,7 +121,7 @@ "TargetDomainName": "WIN-41OB2LO92CR", "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1006" }, - "event_id": 4781, + "event_id": "4781", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4798.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4798.evtx.golden.json index 2e8dcf775985..655861b92d78 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4798.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4798.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4798, + "code": "4798", "kind": "event", "module": "security", "outcome": "success", @@ -49,7 +49,7 @@ "TargetSid": "S-1-5-21-101361758-2486510592-3018839910-1005", "TargetUserName": "elastictest1" }, - "event_id": 4798, + "event_id": "4798", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json index caca7eca7f2e..58c1703e50d3 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4799.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4799, + "code": "4799", "kind": "event", "module": "security", "outcome": "success", @@ -51,7 +51,7 @@ "TargetSid": "S-1-5-32-544", "TargetUserName": "Administrators" }, - "event_id": 4799, + "event_id": "4799", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4964.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4964.evtx.golden.json index 77d31878e9b3..167c80da0b1e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4964.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2016_4964.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "iam" ], - "code": 4964, + "code": "4964", "kind": "event", "module": "security", "outcome": "success", @@ -48,7 +48,7 @@ "TargetUserName": "Administrator", "TargetUserSid": "S-1-5-21-101361758-2486510592-3018839910-500" }, - "event_id": 4964, + "event_id": "4964", "keywords": [ "Audit Success" ], @@ -75,7 +75,7 @@ "category": [ "iam" ], - "code": 4964, + "code": "4964", "kind": "event", "module": "security", "outcome": "success", @@ -117,7 +117,7 @@ "TargetUserName": "Administrator", "TargetUserSid": "S-1-5-21-101361758-2486510592-3018839910-500" }, - "event_id": 4964, + "event_id": "4964", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json index 2b580ce40bae..309f889abb54 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4688_Process_Created.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 4688, + "code": "4688", "kind": "event", "module": "security", "outcome": "success", @@ -62,7 +62,7 @@ "TargetUserSid": "S-1-0-0", "TokenElevationType": "%%1937" }, - "event_id": 4688, + "event_id": "4688", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json index cbea0955913f..5e20ec050f6d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/security-windows2019_4689_Process_Exited.evtx.golden.json @@ -6,7 +6,7 @@ "category": [ "process" ], - "code": 4689, + "code": "4689", "kind": "event", "module": "security", "outcome": "success", @@ -45,7 +45,7 @@ "SubjectUserName": "vagrant", "SubjectUserSid": "S-1-5-21-1610636575-2290000098-1654242922-1000" }, - "event_id": 4689, + "event_id": "4689", "keywords": [ "Audit Success" ], @@ -72,7 +72,7 @@ "category": [ "process" ], - "code": 4689, + "code": "4689", "kind": "event", "module": "security", "outcome": "success", @@ -111,7 +111,7 @@ "SubjectUserName": "vagrant", "SubjectUserSid": "S-1-5-21-1610636575-2290000098-1654242922-1000" }, - "event_id": 4689, + "event_id": "4689", "keywords": [ "Audit Success" ], @@ -138,7 +138,7 @@ "category": [ "process" ], - "code": 4689, + "code": "4689", "kind": "event", "module": "security", "outcome": "success", @@ -177,7 +177,7 @@ "SubjectUserName": "vagrant", "SubjectUserSid": "S-1-5-21-1610636575-2290000098-1654242922-1000" }, - "event_id": 4689, + "event_id": "4689", "keywords": [ "Audit Success" ], diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json index 232428a8ba5d..09d44c965d06 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json @@ -30,7 +30,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -64,7 +64,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -111,7 +111,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -145,7 +145,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -193,7 +193,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -227,7 +227,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -279,7 +279,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -313,7 +313,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -360,7 +360,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -394,7 +394,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -447,7 +447,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -481,7 +481,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -524,7 +524,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -558,7 +558,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -610,7 +610,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -644,7 +644,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -683,7 +683,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -717,7 +717,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -772,7 +772,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -806,7 +806,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -893,7 +893,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -927,7 +927,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -970,7 +970,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1004,7 +1004,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1051,7 +1051,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1085,7 +1085,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1137,7 +1137,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1171,7 +1171,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1210,7 +1210,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1244,7 +1244,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1297,7 +1297,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1331,7 +1331,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1378,7 +1378,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1412,7 +1412,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1459,7 +1459,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1493,7 +1493,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1567,7 +1567,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1601,7 +1601,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1654,7 +1654,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1688,7 +1688,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1787,7 +1787,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1821,7 +1821,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -1908,7 +1908,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1942,7 +1942,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2034,7 +2034,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2068,7 +2068,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2125,7 +2125,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2159,7 +2159,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2253,7 +2253,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2287,7 +2287,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2384,7 +2384,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2418,7 +2418,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2461,7 +2461,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2495,7 +2495,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2583,7 +2583,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2617,7 +2617,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2664,7 +2664,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2698,7 +2698,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2786,7 +2786,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2820,7 +2820,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2863,7 +2863,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2897,7 +2897,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -2940,7 +2940,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2974,7 +2974,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3056,7 +3056,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3090,7 +3090,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3161,7 +3161,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3195,7 +3195,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3238,7 +3238,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3272,7 +3272,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3350,7 +3350,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3384,7 +3384,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3477,7 +3477,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3511,7 +3511,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3605,7 +3605,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3639,7 +3639,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3682,7 +3682,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3716,7 +3716,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3809,7 +3809,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3843,7 +3843,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -3930,7 +3930,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3964,7 +3964,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4007,7 +4007,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4041,7 +4041,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4080,7 +4080,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4114,7 +4114,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4170,7 +4170,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4204,7 +4204,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4287,7 +4287,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4321,7 +4321,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4408,7 +4408,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4442,7 +4442,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4493,7 +4493,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4527,7 +4527,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4621,7 +4621,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4655,7 +4655,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4707,7 +4707,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4741,7 +4741,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4813,7 +4813,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4847,7 +4847,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4894,7 +4894,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4928,7 +4928,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -4971,7 +4971,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5005,7 +5005,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5035,7 +5035,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5069,7 +5069,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5099,7 +5099,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5133,7 +5133,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5221,7 +5221,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5255,7 +5255,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5307,7 +5307,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5341,7 +5341,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5384,7 +5384,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5418,7 +5418,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5506,7 +5506,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5540,7 +5540,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5592,7 +5592,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5626,7 +5626,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5714,7 +5714,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5748,7 +5748,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5791,7 +5791,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5825,7 +5825,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5883,7 +5883,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5917,7 +5917,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -5975,7 +5975,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6009,7 +6009,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6053,7 +6053,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6087,7 +6087,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6175,7 +6175,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6209,7 +6209,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6302,7 +6302,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6336,7 +6336,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6430,7 +6430,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6464,7 +6464,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6552,7 +6552,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6586,7 +6586,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6638,7 +6638,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6672,7 +6672,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6730,7 +6730,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6764,7 +6764,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6807,7 +6807,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6841,7 +6841,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -6929,7 +6929,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6963,7 +6963,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7061,7 +7061,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7095,7 +7095,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7182,7 +7182,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7216,7 +7216,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7263,7 +7263,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7297,7 +7297,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7390,7 +7390,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7424,7 +7424,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7471,7 +7471,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7505,7 +7505,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7598,7 +7598,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7632,7 +7632,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7720,7 +7720,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7754,7 +7754,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7820,7 +7820,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7854,7 +7854,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -7948,7 +7948,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7982,7 +7982,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8050,7 +8050,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8084,7 +8084,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8123,7 +8123,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8157,7 +8157,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8245,7 +8245,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8279,7 +8279,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8337,7 +8337,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8371,7 +8371,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8409,7 +8409,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8443,7 +8443,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8531,7 +8531,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8565,7 +8565,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8654,7 +8654,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8688,7 +8688,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8756,7 +8756,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8790,7 +8790,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8878,7 +8878,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8912,7 +8912,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -8989,7 +8989,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9023,7 +9023,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9100,7 +9100,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9134,7 +9134,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9232,7 +9232,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9266,7 +9266,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9355,7 +9355,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9389,7 +9389,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9471,7 +9471,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9505,7 +9505,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9593,7 +9593,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9627,7 +9627,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9715,7 +9715,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9749,7 +9749,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9796,7 +9796,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9830,7 +9830,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9916,7 +9916,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9950,7 +9950,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -9997,7 +9997,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10031,7 +10031,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10089,7 +10089,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10123,7 +10123,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10171,7 +10171,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10205,7 +10205,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10253,7 +10253,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10287,7 +10287,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10334,7 +10334,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10368,7 +10368,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10416,7 +10416,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10450,7 +10450,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10493,7 +10493,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10527,7 +10527,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10579,7 +10579,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10613,7 +10613,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10660,7 +10660,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10694,7 +10694,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10745,7 +10745,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10779,7 +10779,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10826,7 +10826,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10860,7 +10860,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10907,7 +10907,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10941,7 +10941,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -10988,7 +10988,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11022,7 +11022,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11116,7 +11116,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11150,7 +11150,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11208,7 +11208,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11242,7 +11242,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11291,7 +11291,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11325,7 +11325,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11414,7 +11414,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11448,7 +11448,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11487,7 +11487,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11521,7 +11521,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11568,7 +11568,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11602,7 +11602,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11695,7 +11695,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11729,7 +11729,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11772,7 +11772,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11806,7 +11806,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11853,7 +11853,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11887,7 +11887,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -11978,7 +11978,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12012,7 +12012,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -12109,7 +12109,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12143,7 +12143,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -12190,7 +12190,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12224,7 +12224,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -12317,7 +12317,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12351,7 +12351,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -12445,7 +12445,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12479,7 +12479,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -12568,7 +12568,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12602,7 +12602,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -12686,7 +12686,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12720,7 +12720,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -12814,7 +12814,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12848,7 +12848,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13146,7 +13146,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13180,7 +13180,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13288,7 +13288,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13322,7 +13322,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13365,7 +13365,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13399,7 +13399,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13450,7 +13450,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13484,7 +13484,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13514,7 +13514,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13548,7 +13548,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13595,7 +13595,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13629,7 +13629,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13723,7 +13723,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13757,7 +13757,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13851,7 +13851,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13885,7 +13885,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -13932,7 +13932,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13966,7 +13966,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14054,7 +14054,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14088,7 +14088,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14176,7 +14176,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14210,7 +14210,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14297,7 +14297,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14331,7 +14331,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14407,7 +14407,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14441,7 +14441,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14488,7 +14488,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14522,7 +14522,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14569,7 +14569,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14603,7 +14603,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14691,7 +14691,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14725,7 +14725,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14784,7 +14784,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14818,7 +14818,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14912,7 +14912,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14946,7 +14946,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -14989,7 +14989,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15023,7 +15023,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15070,7 +15070,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15104,7 +15104,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15147,7 +15147,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15181,7 +15181,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15211,7 +15211,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15245,7 +15245,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15272,7 +15272,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15306,7 +15306,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15333,7 +15333,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15367,7 +15367,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15418,7 +15418,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15452,7 +15452,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15495,7 +15495,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15529,7 +15529,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { @@ -15606,7 +15606,7 @@ "category": [ "network" ], - "code": 22, + "code": "22", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15640,7 +15640,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2016", - "event_id": 22, + "event_id": "22", "process": { "pid": 2828, "thread": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json index af4ecf90b18f..a3c79581daa6 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json @@ -5,7 +5,7 @@ "category": [ "file" ], - "code": 23, + "code": "23", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -66,7 +66,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 23, + "event_id": "23", "process": { "pid": 664, "thread": { @@ -88,7 +88,7 @@ "category": [ "file" ], - "code": 23, + "code": "23", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -142,7 +142,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 23, + "event_id": "23", "process": { "pid": 664, "thread": { @@ -164,7 +164,7 @@ "category": [ "file" ], - "code": 23, + "code": "23", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -217,7 +217,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 23, + "event_id": "23", "process": { "pid": 1188, "thread": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json index 8d4eca8c1b05..70217350c10e 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-registry.evtx.golden.json @@ -6,7 +6,7 @@ "configuration", "registry" ], - "code": 13, + "code": "13", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -47,7 +47,7 @@ "EventType": "SetValue", "TargetObject": "HKU\\S-1-5-21-1067164964-2079179834-2367582738-1000\\Software\\Key 1" }, - "event_id": 13, + "event_id": "13", "process": { "pid": 5496, "thread": { @@ -70,7 +70,7 @@ "configuration", "registry" ], - "code": 13, + "code": "13", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -105,7 +105,7 @@ "EventType": "SetValue", "TargetObject": "HKU\\S-1-5-21-1067164964-2079179834-2367582738-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA" }, - "event_id": 13, + "event_id": "13", "process": { "pid": 5496, "thread": { @@ -128,7 +128,7 @@ "configuration", "registry" ], - "code": 13, + "code": "13", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -169,7 +169,7 @@ "EventType": "SetValue", "TargetObject": "HKU\\S-1-5-21-1067164964-2079179834-2367582738-1000\\Software\\Key 2" }, - "event_id": 13, + "event_id": "13", "process": { "pid": 5496, "thread": { @@ -192,7 +192,7 @@ "configuration", "registry" ], - "code": 13, + "code": "13", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -227,7 +227,7 @@ "EventType": "SetValue", "TargetObject": "HKU\\S-1-5-21-1067164964-2079179834-2367582738-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\\ertrqvg.rkr" }, - "event_id": 13, + "event_id": "13", "process": { "pid": 5496, "thread": { @@ -250,7 +250,7 @@ "configuration", "registry" ], - "code": 13, + "code": "13", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -285,7 +285,7 @@ "EventType": "SetValue", "TargetObject": "HKU\\S-1-5-21-1067164964-2079179834-2367582738-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA" }, - "event_id": 13, + "event_id": "13", "process": { "pid": 5496, "thread": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-loadimage.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-loadimage.evtx.golden.json index 7e248d9363f3..6f9ad64ba41b 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-loadimage.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-loadimage.evtx.golden.json @@ -5,7 +5,7 @@ "category": [ "process" ], - "code": 7, + "code": "7", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -77,7 +77,7 @@ "SignatureStatus": "Valid", "Signed": "true" }, - "event_id": 7, + "event_id": "7", "process": { "pid": 1676, "thread": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json index 23074c1aee76..773b7c571a28 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-12-processcreate.evtx.golden.json @@ -5,7 +5,7 @@ "category": [ "process" ], - "code": 1, + "code": "1", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -77,7 +77,7 @@ "Product": "Microsoft® Windows® Operating System", "TerminalSessionId": "1" }, - "event_id": 1, + "event_id": "1", "process": { "pid": 7144, "thread": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-clipboardchange.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-clipboardchange.evtx.golden.json index 46275a3a88d3..8047b5d6262a 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-clipboardchange.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-clipboardchange.evtx.golden.json @@ -2,7 +2,7 @@ { "@timestamp": "2021-02-25T15:04:48.592Z", "event": { - "code": 24, + "code": "24", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -47,7 +47,7 @@ "ClientInfo": "user: DESKTOP-I9CQVAQ\\luks", "Session": "1" }, - "event_id": 24, + "event_id": "24", "process": { "pid": 3800, "thread": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-processtampering.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-processtampering.evtx.golden.json index e85f559cee81..5efdad659375 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-processtampering.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-13-processtampering.evtx.golden.json @@ -5,7 +5,7 @@ "category": [ "process" ], - "code": 25, + "code": "25", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -35,7 +35,7 @@ "event_data": { "Type": "Image is replaced" }, - "event_id": 25, + "event_id": "25", "process": { "pid": 3800, "thread": { diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json index 5e0172c5b396..5c5e0adc37da 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json @@ -5,7 +5,7 @@ "category": [ "configuration" ], - "code": 16, + "code": "16", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -26,7 +26,7 @@ "event_data": { "Configuration": "C:\\Users\\vagrant\\Downloads\\\"C:\\Users\\vagrant\\Downloads\\Sysmon.exe\" -i -n" }, - "event_id": 16, + "event_id": "16", "process": { "pid": 4616, "thread": { @@ -48,7 +48,7 @@ "category": [ "process" ], - "code": 4, + "code": "4", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -71,7 +71,7 @@ "State": "Started", "Version": "9.01" }, - "event_id": 4, + "event_id": "4", "process": { "pid": 4860, "thread": { @@ -93,7 +93,7 @@ "category": [ "process" ], - "code": 1, + "code": "1", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -164,7 +164,7 @@ "Product": "Sysinternals Sysmon", "TerminalSessionId": "0" }, - "event_id": 1, + "event_id": "1", "process": { "pid": 4860, "thread": { @@ -186,7 +186,7 @@ "category": [ "process" ], - "code": 1, + "code": "1", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -260,7 +260,7 @@ "Product": "Microsoft® Windows® Operating System", "TerminalSessionId": "0" }, - "event_id": 1, + "event_id": "1", "process": { "pid": 4860, "thread": { @@ -282,7 +282,7 @@ "category": [ "process" ], - "code": 5, + "code": "5", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -307,7 +307,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 5, + "event_id": "5", "process": { "pid": 4860, "thread": { @@ -329,7 +329,7 @@ "category": [ "process" ], - "code": 5, + "code": "5", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -354,7 +354,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 5, + "event_id": "5", "process": { "pid": 4860, "thread": { @@ -376,7 +376,7 @@ "category": [ "process" ], - "code": 1, + "code": "1", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -450,7 +450,7 @@ "Product": "Microsoft® Windows® Operating System", "TerminalSessionId": "0" }, - "event_id": 1, + "event_id": "1", "process": { "pid": 4860, "thread": { @@ -476,7 +476,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -525,7 +525,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -551,7 +551,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -601,7 +601,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -627,7 +627,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -677,7 +677,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -703,7 +703,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -753,7 +753,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -779,7 +779,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -832,7 +832,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -859,7 +859,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -911,7 +911,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -937,7 +937,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -987,7 +987,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1013,7 +1013,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1062,7 +1062,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1088,7 +1088,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1140,7 +1140,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1166,7 +1166,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1218,7 +1218,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1244,7 +1244,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1293,7 +1293,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1319,7 +1319,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1368,7 +1368,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1394,7 +1394,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1447,7 +1447,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1473,7 +1473,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1526,7 +1526,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1552,7 +1552,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1605,7 +1605,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1631,7 +1631,7 @@ "category": [ "network" ], - "code": 3, + "code": "3", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1684,7 +1684,7 @@ "event_data": { "SourcePortName": "netbios-ns" }, - "event_id": 3, + "event_id": "3", "process": { "pid": 4860, "thread": { @@ -1706,7 +1706,7 @@ "category": [ "process" ], - "code": 5, + "code": "5", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1731,7 +1731,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 5, + "event_id": "5", "process": { "pid": 4860, "thread": { @@ -1753,7 +1753,7 @@ "category": [ "process" ], - "code": 5, + "code": "5", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1778,7 +1778,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 5, + "event_id": "5", "process": { "pid": 4860, "thread": { @@ -1800,7 +1800,7 @@ "category": [ "file" ], - "code": 2, + "code": "2", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1834,7 +1834,7 @@ "CreationUtcTime": "2019-03-18 16:52:04.980", "PreviousCreationUtcTime": "2019-03-18 16:57:52.387" }, - "event_id": 2, + "event_id": "2", "process": { "pid": 4860, "thread": { @@ -1856,7 +1856,7 @@ "category": [ "file" ], - "code": 2, + "code": "2", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1890,7 +1890,7 @@ "CreationUtcTime": "2019-03-18 16:52:04.980", "PreviousCreationUtcTime": "2019-03-18 16:57:52.402" }, - "event_id": 2, + "event_id": "2", "process": { "pid": 4860, "thread": { @@ -1912,7 +1912,7 @@ "category": [ "file" ], - "code": 2, + "code": "2", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1946,7 +1946,7 @@ "CreationUtcTime": "2019-03-18 16:52:05.028", "PreviousCreationUtcTime": "2019-03-18 16:57:52.402" }, - "event_id": 2, + "event_id": "2", "process": { "pid": 4860, "thread": { @@ -1968,7 +1968,7 @@ "category": [ "file" ], - "code": 2, + "code": "2", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2002,7 +2002,7 @@ "CreationUtcTime": "2019-03-18 16:51:54.980", "PreviousCreationUtcTime": "2019-03-18 16:57:52.417" }, - "event_id": 2, + "event_id": "2", "process": { "pid": 4860, "thread": { @@ -2024,7 +2024,7 @@ "category": [ "process" ], - "code": 5, + "code": "5", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2049,7 +2049,7 @@ "api": "wineventlog", "channel": "Microsoft-Windows-Sysmon/Operational", "computer_name": "vagrant-2012-r2", - "event_id": 5, + "event_id": "5", "process": { "pid": 4860, "thread": { @@ -2071,7 +2071,7 @@ "category": [ "file" ], - "code": 2, + "code": "2", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2105,7 +2105,7 @@ "CreationUtcTime": "2019-03-18 16:52:08.496", "PreviousCreationUtcTime": "2019-03-18 16:57:52.417" }, - "event_id": 2, + "event_id": "2", "process": { "pid": 4860, "thread": { @@ -2127,7 +2127,7 @@ "category": [ "file" ], - "code": 2, + "code": "2", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2161,7 +2161,7 @@ "CreationUtcTime": "2019-03-18 16:52:05.339", "PreviousCreationUtcTime": "2019-03-18 16:57:52.417" }, - "event_id": 2, + "event_id": "2", "process": { "pid": 4860, "thread": {