</div>
Data Source: Sysmon EventID 26
Description
Data source object for Sysmon EventID 26 (FileDeleteDetected). Sysmon raises this event when a file is deleted and the deletion is logged without archiving a copy of the file, in contrast to EventID 23 (FileDelete), where the deleted file is also saved to the Sysmon archive directory. Because the source shares one channel with every other Sysmon event, the data source is separated on the EventID field.
Details
| Property | Value |
|---|---|
| Source | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational |
| Sourcetype | XmlWinEventLog |
| Separator | EventID |
Supported Apps
- Splunk Add-on for Sysmon (version 5.0.0)
Event Fields
Fields
Required Output Fields
- action
- dest
- dvc
- file_path
- file_hash
- file_name
- file_modify_time
- process_exec
- process_guid
- process_id
- process_name
- process_path
- signature
- signature_id
- user
- user_id
- vendor_product
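The following is an added example, not code from the Splunk security content project or the Splunk Add-on for Sysmon. It shows how a raw Sysmon EventID 26 XML record maps onto the required output fields listed above, and why the EventID separator matters: an EventID 23 record from the same channel must be dropped. The three XML events are constructed samples, and the mapping of XML `Data` names (`Image`, `TargetFilename`, `Hashes`, `UtcTime`, `User`, `IsExecutable`) to output fields, the `user_id`, `signature`, `action` and `vendor_product` values, and the closing `executable_deletes_from_user_dirs` check are all assumptions made for illustration, not the add-on's actual extractions.

```python
"""Normalize constructed Sysmon EventID 26 (FileDeleteDetected) XML records into the
output fields this data source requires. Added example; the field mapping below is an
assumption, not the Splunk Add-on for Sysmon's real extraction logic."""
import ntpath
import xml.etree.ElementTree as ET

# Windows event XML namespace used by Sysmon's Operational channel.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample events (not real telemetry). The third is EventID 23 and must be
# dropped, because this data source separates on EventID == 26.
SAMPLE_EVENTS = [
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>26</EventID>
<Computer>ws01.example.local</Computer></System>
<EventData>
<Data Name="RuleName">-</Data>
<Data Name="UtcTime">2024-01-15 10:22:31.114</Data>
<Data Name="ProcessGuid">{a1b2c3d4-1111-2222-3333-444455556666}</Data>
<Data Name="ProcessId">4512</Data>
<Data Name="User">EXAMPLE\alice</Data>
<Data Name="Image">C:\Windows\System32\cmd.exe</Data>
<Data Name="TargetFilename">C:\Users\alice\AppData\Local\Temp\dropper.exe</Data>
<Data Name="Hashes">SHA256=4f9a2c4f9a2c4f9a2c4f9a2c4f9a2c4f9a2c4f9a2c4f9a2c4f9a2c4f9a2c4f9a</Data>
<Data Name="IsExecutable">true</Data>
</EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>26</EventID>
<Computer>ws01.example.local</Computer></System>
<EventData>
<Data Name="RuleName">-</Data>
<Data Name="UtcTime">2024-01-15 10:25:02.551</Data>
<Data Name="ProcessGuid">{a1b2c3d4-7777-8888-9999-000011112222}</Data>
<Data Name="ProcessId">3300</Data>
<Data Name="User">EXAMPLE\alice</Data>
<Data Name="Image">C:\Windows\explorer.exe</Data>
<Data Name="TargetFilename">C:\Users\alice\Documents\notes.txt</Data>
<Data Name="Hashes">SHA256=1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c1c</Data>
<Data Name="IsExecutable">false</Data>
</EventData></Event>""",
    r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>23</EventID>
<Computer>ws01.example.local</Computer></System>
<EventData>
<Data Name="UtcTime">2024-01-15 10:26:10.003</Data>
<Data Name="ProcessId">4512</Data>
<Data Name="Image">C:\Windows\System32\cmd.exe</Data>
<Data Name="TargetFilename">C:\Users\alice\AppData\Local\Temp\stage2.dll</Data>
<Data Name="IsExecutable">true</Data>
</EventData></Event>""",
]


def parse_hashes(hashes):
    """Split Sysmon's 'ALGO=digest,ALGO=digest' string into a dict (keys upper, digests lower)."""
    out = {}
    for part in hashes.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def normalize_event(xml_text):
    """Return the required output fields for one EventID 26 record, or None for any other EventID."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    # Separator: only EventID 26 belongs to this data source.
    if system is None or system.findtext("e:EventID", namespaces=NS) != "26":
        return None
    d = {el.get("Name"): (el.text or "") for el in root.findall("e:EventData/e:Data", NS)}
    host = system.findtext("e:Computer", default="", namespaces=NS)
    image, target = d.get("Image", ""), d.get("TargetFilename", "")
    return {
        "action": "deleted",                      # assumed constant for this event type
        "dest": host, "dvc": host,                # both taken from System/Computer (assumption)
        "file_path": target, "file_name": ntpath.basename(target),
        "file_hash": d.get("Hashes", ""), "file_modify_time": d.get("UtcTime", ""),
        "process_exec": ntpath.basename(image), "process_name": ntpath.basename(image),
        "process_path": image, "process_guid": d.get("ProcessGuid", ""),
        "process_id": int(d.get("ProcessId") or 0),
        "signature": "File Delete logged", "signature_id": 26,
        "user": d.get("User", ""), "user_id": d.get("User", ""),   # no SID in EventID 26; assumption
        "vendor_product": "Microsoft Sysmon",
        "is_executable": d.get("IsExecutable", "").lower() == "true",
    }


def normalize_all(xml_records):
    """Apply the separator and mapping to a batch of raw Sysmon XML records."""
    return [r for r in (normalize_event(x) for x in xml_records) if r is not None]


def executable_deletes_from_user_dirs(records):
    """Illustrative check: executables deleted under a user profile (a common cleanup pattern)."""
    return [r for r in records
            if r["is_executable"] and r["file_path"].lower().startswith("c:\\users\\")]


if __name__ == "__main__":
    for rec in normalize_all(SAMPLE_EVENTS):
        print(rec["file_modify_time"], rec["process_name"], "->", rec["file_path"])
    print("executable deletes:", [r["file_name"] for r in executable_deletes_from_user_dirs(normalize_all(SAMPLE_EVENTS))])
```

Note that `is_executable` is not one of the required output fields; it is carried through only because the closing check needs it. In a real deployment the add-on's own extractions define the mapping, and the names above should be verified against the fields it actually produces before building a detection on them.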
Source: GitHub | Version: 2