add more custom documentation fields on windows (#424)

Author: ferullo

custom_documentation/doc/endpoint/file/windows/windows_file_rename.md

@@ -10,6 +10,10 @@ This event is generated when a file is renamed.
 | Field |
 |---|
 | @timestamp |
+| Effective_process.entity_id |
+| Effective_process.executable |
+| Effective_process.name |
+| Effective_process.pid |
 | agent.id |
 | agent.type |
 | agent.version |

custom_documentation/doc/endpoint/metrics/metrics.md

@@ -118,6 +118,8 @@ This is an internal state management document that includes metrics on Endpoint'
 | Endpoint.metrics.system_impact.registry_events.week_ms |
 | Endpoint.metrics.system_impact.threat_intelligence_events.week_idle_ms |
 | Endpoint.metrics.system_impact.threat_intelligence_events.week_ms |
+| Endpoint.metrics.system_impact.win32k_events.week_idle_ms |
+| Endpoint.metrics.system_impact.win32k_events.week_ms |
 | Endpoint.metrics.threads.cpu.mean |
 | Endpoint.metrics.threads.name |
 | Endpoint.metrics.uptime.endpoint |

custom_documentation/src/endpoint/data_stream/file/windows/windows_file_rename.yaml

@@ -15,6 +15,10 @@ identification:
 fields:
   endpoint:
   - '@timestamp'
+  - Effective_process.entity_id
+  - Effective_process.executable
+  - Effective_process.name
+  - Effective_process.pid
   - agent.id
   - agent.type
   - agent.version

custom_documentation/src/endpoint/data_stream/metrics/metrics.yaml

@@ -125,6 +125,8 @@ fields:
   - Endpoint.metrics.system_impact.registry_events.week_ms
   - Endpoint.metrics.system_impact.threat_intelligence_events.week_idle_ms
   - Endpoint.metrics.system_impact.threat_intelligence_events.week_ms
+  - Endpoint.metrics.system_impact.win32k_events.week_idle_ms
+  - Endpoint.metrics.system_impact.win32k_events.week_ms
   - Endpoint.metrics.threads.cpu.mean
   - Endpoint.metrics.threads.name
   - Endpoint.metrics.uptime.endpoint