From c0a647add4f1f88f115b00516e8e3a379ac17cee Mon Sep 17 00:00:00 2001 From: Dan Kortschak <90160302+efd6@users.noreply.github.com> Date: Wed, 1 Nov 2023 14:51:08 +1030 Subject: [PATCH] x-pack/winlogbeat/modules/security: fix UAC attribute bit table (#37009) The previous table was incorrect. Table data comes from MS-SAMR: Security Account Manager (SAM) Remote Protocol (Client-to-Server) version 46.0[1], 2.2.1.12 USER_ACCOUNT Codes. [1]https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SAMR/%5bMS-SAMR%5d-230828.docx --- CHANGELOG.next.asciidoc | 1 + .../module/security/ingest/security.yml | 46 +++++++++---------- .../test/testdata/ingest/1100.golden.json | 1 - .../test/testdata/ingest/1102.golden.json | 1 - .../test/testdata/ingest/1104.golden.json | 1 - .../test/testdata/ingest/1105.golden.json | 1 - .../ingest/4670_WindowsSrv2016.golden.json | 1 - .../ingest/4706_WindowsSrv2016.golden.json | 1 - .../ingest/4707_WindowsSrv2016.golden.json | 1 - .../ingest/4713_WindowsSrv2016.golden.json | 1 - .../ingest/4716_WindowsSrv2016.golden.json | 1 - .../ingest/4717_WindowsSrv2016.golden.json | 1 - .../ingest/4718_WindowsSrv2016.golden.json | 1 - .../test/testdata/ingest/4719.golden.json | 1 - .../ingest/4719_WindowsSrv2016.golden.json | 1 - .../ingest/4739_WindowsSrv2016.golden.json | 1 - .../test/testdata/ingest/4741.golden.json | 6 +-- .../test/testdata/ingest/4742.golden.json | 4 +- .../test/testdata/ingest/4743.golden.json | 1 - .../test/testdata/ingest/4744.golden.json | 1 - .../test/testdata/ingest/4745.golden.json | 1 - .../test/testdata/ingest/4746.golden.json | 1 - .../test/testdata/ingest/4747.golden.json | 1 - .../test/testdata/ingest/4748.golden.json | 1 - .../test/testdata/ingest/4749.golden.json | 1 - .../test/testdata/ingest/4750.golden.json | 1 - .../test/testdata/ingest/4751.golden.json | 1 - .../test/testdata/ingest/4752.golden.json | 1 - .../test/testdata/ingest/4753.golden.json | 1 - .../test/testdata/ingest/4759.golden.json | 1 - .../test/testdata/ingest/4760.golden.json | 1 - .../test/testdata/ingest/4761.golden.json | 1 - .../test/testdata/ingest/4762.golden.json | 1 - .../test/testdata/ingest/4763.golden.json | 1 - .../ingest/4817_WindowsSrv2016.golden.json | 1 - .../ingest/4902_WindowsSrv2016.golden.json | 1 - .../ingest/4904_WindowsSrv2016.golden.json | 1 - .../ingest/4905_WindowsSrv2016.golden.json | 1 - .../ingest/4906_WindowsSrv2016.golden.json | 1 - .../ingest/4907_WindowsSrv2016.golden.json | 1 - .../ingest/4908_WindowsSrv2016.golden.json | 1 - .../security-windows2012_4673.golden.json | 1 - .../security-windows2012_4674.golden.json | 1 - .../security-windows2012_4697.golden.json | 1 - .../security-windows2012_4698.golden.json | 1 - .../security-windows2012_4699.golden.json | 1 - .../security-windows2012_4700.golden.json | 1 - .../security-windows2012_4701.golden.json | 1 - .../security-windows2012_4702.golden.json | 1 - .../security-windows2012_4768.golden.json | 1 - .../security-windows2012_4769.golden.json | 1 - .../security-windows2012_4770.golden.json | 1 - .../security-windows2012_4771.golden.json | 1 - .../security-windows2012_4776.golden.json | 1 - .../security-windows2012_4778.golden.json | 1 - .../security-windows2012_4779.golden.json | 1 - .../security-windows2012r2-logon.golden.json | 18 -------- .../security-windows2016-4672.golden.json | 1 - .../security-windows2016-logoff.golden.json | 2 - ...ndows2016_4720_Account_Created.golden.json | 12 ++--- ...ndows2016_4722_Account_Enabled.golden.json | 2 - ...ndows2016_4723_Password_Change.golden.json | 2 - ...indows2016_4724_Password_Reset.golden.json | 2 - ...dows2016_4725_Account_Disabled.golden.json | 2 - ...ndows2016_4726_Account_Deleted.golden.json | 2 - .../security-windows2016_4727.golden.json | 1 - .../security-windows2016_4728.golden.json | 1 - .../security-windows2016_4729.golden.json | 1 - .../security-windows2016_4730.golden.json | 1 - .../security-windows2016_4731.golden.json | 1 - .../security-windows2016_4732.golden.json | 1 - .../security-windows2016_4733.golden.json | 1 - .../security-windows2016_4734.golden.json | 1 - .../security-windows2016_4735.golden.json | 1 - .../security-windows2016_4737.golden.json | 1 - ...ndows2016_4738_Account_Changed.golden.json | 10 ++-- ...ws2016_4740_Account_Locked_Out.golden.json | 1 - .../security-windows2016_4754.golden.json | 1 - .../security-windows2016_4755.golden.json | 1 - .../security-windows2016_4756.golden.json | 1 - .../security-windows2016_4757.golden.json | 1 - .../security-windows2016_4758.golden.json | 1 - .../security-windows2016_4764.golden.json | 1 - ...dows2016_4767_Account_Unlocked.golden.json | 1 - ...ndows2016_4781_Account_Renamed.golden.json | 2 - .../security-windows2016_4798.golden.json | 1 - .../security-windows2016_4799.golden.json | 1 - .../security-windows2016_4964.golden.json | 2 - ...ndows2019_4688_Process_Created.golden.json | 1 - ...indows2019_4689_Process_Exited.golden.json | 3 -- 90 files changed, 39 insertions(+), 151 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 2d2364180d0..3fc9493640b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -154,6 +154,7 @@ is collected by it. *Winlogbeat* +- Fix User Account Control Attributes Table values for Security module. {issue}36999[36999] {pull}37009[37009] *Elastic Logging Plugin* diff --git a/x-pack/winlogbeat/module/security/ingest/security.yml b/x-pack/winlogbeat/module/security/ingest/security.yml index 846fdd26fbb..020b14af356 100644 --- a/x-pack/winlogbeat/module/security/ingest/security.yml +++ b/x-pack/winlogbeat/module/security/ingest/security.yml @@ -836,30 +836,30 @@ processors: tag: Set User Account Control description: Set User Account Control # User Account Control Attributes Table - # https://support.microsoft.com/es-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties + # https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/4df07fab-1bbc-452f-8e92-7853a3c7e380 params: - "0x00000001": SCRIPT - "0x00000002": ACCOUNTDISABLE - "0x00000008": HOMEDIR_REQUIRED - "0x00000010": LOCKOUT - "0x00000020": PASSWD_NOTREQD - "0x00000040": PASSWD_CANT_CHANGE - "0x00000080": ENCRYPTED_TEXT_PWD_ALLOWED - "0x00000100": TEMP_DUPLICATE_ACCOUNT - "0x00000200": NORMAL_ACCOUNT - "0x00000800": INTERDOMAIN_TRUST_ACCOUNT - "0x00001000": WORKSTATION_TRUST_ACCOUNT - "0x00002000": SERVER_TRUST_ACCOUNT - "0x00010000": DONT_EXPIRE_PASSWORD - "0x00020000": MNS_LOGON_ACCOUNT - "0x00040000": SMARTCARD_REQUIRED - "0x00080000": TRUSTED_FOR_DELEGATION - "0x00100000": NOT_DELEGATED - "0x00200000": USE_DES_KEY_ONLY - "0x00400000": DONT_REQ_PREAUTH - "0x00800000": PASSWORD_EXPIRED - "0x01000000": TRUSTED_TO_AUTH_FOR_DELEGATION - "0x04000000": PARTIAL_SECRETS_ACCOUNT + "0x00000001": USER_ACCOUNT_DISABLED + "0x00000002": USER_HOME_DIRECTORY_REQUIRED + "0x00000004": USER_PASSWORD_NOT_REQUIRED + "0x00000008": USER_TEMP_DUPLICATE_ACCOUNT + "0x00000010": USER_NORMAL_ACCOUNT + "0x00000020": USER_MNS_LOGON_ACCOUNT + "0x00000040": USER_INTERDOMAIN_TRUST_ACCOUNT + "0x00000080": USER_WORKSTATION_TRUST_ACCOUNT + "0x00000100": USER_SERVER_TRUST_ACCOUNT + "0x00000200": USER_DONT_EXPIRE_PASSWORD + "0x00000400": USER_ACCOUNT_AUTO_LOCKED + "0x00000800": USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED + "0x00001000": USER_SMARTCARD_REQUIRED + "0x00002000": USER_TRUSTED_FOR_DELEGATION + "0x00004000": USER_NOT_DELEGATED + "0x00008000": USER_USE_DES_KEY_ONLY + "0x00010000": USER_DONT_REQUIRE_PREAUTH + "0x00020000": USER_PASSWORD_EXPIRED + "0x00040000": USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION + "0x00080000": USER_NO_AUTH_DATA_REQUIRED + "0x00100000": USER_PARTIAL_SECRETS_ACCOUNT + "0x00200000": USER_USE_AES_KEYS source: |- if (ctx?.winlog?.event_data?.NewUacValue == null) { return; diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/1100.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/1100.golden.json index 1eaf254cb9c..0e6fdfaa198 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/1100.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/1100.golden.json @@ -10,7 +10,6 @@ "process" ], "code": "1100", - "ingested": "2022-06-08T06:21:07.784686200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/1102.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/1102.golden.json index 6374f10e8eb..f25bf0530d4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/1102.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/1102.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "1102", - "ingested": "2022-06-08T06:21:07.838072400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/1104.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/1104.golden.json index d54a6ee27af..72250f42747 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/1104.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/1104.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "1104", - "ingested": "2022-06-08T06:21:07.850785400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/1105.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/1105.golden.json index 066a1ba598d..0fd4278b24f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/1105.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/1105.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "1105", - "ingested": "2022-06-08T06:21:07.856253Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4670_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4670_WindowsSrv2016.golden.json index 0ac7449263b..3896d299bca 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4670_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4670_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4670", - "ingested": "2022-06-08T06:21:07.861752100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4706_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4706_WindowsSrv2016.golden.json index 7d98f44725c..08d1e9e963b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4706_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4706_WindowsSrv2016.golden.json @@ -10,7 +10,6 @@ "configuration" ], "code": "4706", - "ingested": "2022-06-08T06:21:07.908218700Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4707_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4707_WindowsSrv2016.golden.json index ab4a62ab9b2..55b0f03274f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4707_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4707_WindowsSrv2016.golden.json @@ -10,7 +10,6 @@ "configuration" ], "code": "4707", - "ingested": "2022-06-08T06:21:07.915673700Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4713_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4713_WindowsSrv2016.golden.json index 7a8930ce885..6e14de61824 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4713_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4713_WindowsSrv2016.golden.json @@ -10,7 +10,6 @@ "configuration" ], "code": "4713", - "ingested": "2022-06-08T06:21:07.921167700Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4716_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4716_WindowsSrv2016.golden.json index 57c656a7670..e11018510a4 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4716_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4716_WindowsSrv2016.golden.json @@ -10,7 +10,6 @@ "configuration" ], "code": "4716", - "ingested": "2022-06-08T06:21:07.926829100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4717_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4717_WindowsSrv2016.golden.json index 30a0da980a2..231a35064e5 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4717_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4717_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4717", - "ingested": "2022-06-08T06:21:07.932459300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4718_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4718_WindowsSrv2016.golden.json index 3becc27b8f2..48cb2f74785 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4718_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4718_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4718", - "ingested": "2022-06-08T06:21:07.938661600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4719.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4719.golden.json index b43487b6efb..b034d8caa03 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4719.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4719.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4719", - "ingested": "2022-06-08T06:21:07.944221400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4719_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4719_WindowsSrv2016.golden.json index 92e60c91e1d..770bb463c1a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4719_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4719_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4719", - "ingested": "2022-06-08T06:21:07.955823800Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4739_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4739_WindowsSrv2016.golden.json index b7a566a0fff..04b96ac5583 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4739_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4739_WindowsSrv2016.golden.json @@ -10,7 +10,6 @@ "configuration" ], "code": "4739", - "ingested": "2022-06-08T06:21:07.963089600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4741.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4741.golden.json index 1ae1d6e9de9..b2451c6b75b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4741.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4741.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4741", - "ingested": "2022-06-08T06:21:07.970367200Z", "kind": "event", "module": "security", "outcome": "success", @@ -55,8 +54,9 @@ "HomePath": "-", "LogonHours": "%%1793", "NewUACList": [ - "SCRIPT", - "ENCRYPTED_TEXT_PWD_ALLOWED" + "USER_ACCOUNT_DISABLED", + "USER_PASSWORD_NOT_REQUIRED", + "USER_WORKSTATION_TRUST_ACCOUNT" ], "NewUacValue": "0x85", "OldUacValue": "0x0", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4742.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4742.golden.json index 6eb53747422..4233d2fec7a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4742.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4742.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4742", - "ingested": "2022-06-08T06:21:07.984310900Z", "kind": "event", "module": "security", "outcome": "success", @@ -56,7 +55,8 @@ "HomePath": "-", "LogonHours": "-", "NewUACList": [ - "ENCRYPTED_TEXT_PWD_ALLOWED" + "USER_PASSWORD_NOT_REQUIRED", + "USER_WORKSTATION_TRUST_ACCOUNT" ], "NewUacValue": "0x84", "OldUacValue": "0x85", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4743.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4743.golden.json index 29f38474c35..b7cd00dd8bf 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4743.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4743.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4743", - "ingested": "2022-06-08T06:21:07.989281200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4744.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4744.golden.json index 635787f0a4a..14340f1898d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4744.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4744.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4744", - "ingested": "2022-06-08T06:21:07.994556700Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4745.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4745.golden.json index eeee7ce2fc9..cb0b005fc8e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4745.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4745.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4745", - "ingested": "2022-06-08T06:21:08.002640900Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4746.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4746.golden.json index db2cde52acd..8922fa5b1d6 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4746.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4746.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4746", - "ingested": "2022-06-08T06:21:08.017662600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4747.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4747.golden.json index b1d1db2e16a..5e85e85cb34 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4747.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4747.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4747", - "ingested": "2022-06-08T06:21:08.025768800Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4748.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4748.golden.json index bc74a2fdf8b..b3212145129 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4748.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4748.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4748", - "ingested": "2022-06-08T06:21:08.030353100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4749.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4749.golden.json index bc107b8485b..a85446eede7 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4749.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4749.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4749", - "ingested": "2022-06-08T06:21:08.034749600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4750.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4750.golden.json index 5f6bdc8c532..f66b9e93c99 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4750.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4750.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4750", - "ingested": "2022-06-08T06:21:08.039233400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4751.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4751.golden.json index 47f8fc9c650..981b0e94299 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4751.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4751.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4751", - "ingested": "2022-06-08T06:21:08.051295Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4752.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4752.golden.json index 24b12c361f9..1aae6467908 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4752.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4752.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4752", - "ingested": "2022-06-08T06:21:08.057508500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4753.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4753.golden.json index df72711f806..46d6bb0e394 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4753.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4753.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4753", - "ingested": "2022-06-08T06:21:08.063346200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4759.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4759.golden.json index 7c62dac0da7..ba25270a4c8 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4759.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4759.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4759", - "ingested": "2022-06-08T06:21:08.069524100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4760.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4760.golden.json index f92c3a95d65..d316a4133ec 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4760.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4760.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4760", - "ingested": "2022-06-08T06:21:08.074975800Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4761.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4761.golden.json index 8c22b8f7d59..9c37bd371f0 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4761.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4761.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4761", - "ingested": "2022-06-08T06:21:08.080868Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4762.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4762.golden.json index e088f163bc8..4bfe930b0da 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4762.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4762.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4762", - "ingested": "2022-06-08T06:21:08.086379300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4763.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4763.golden.json index 1a0a51efac0..780b65bd7ef 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4763.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4763.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4763", - "ingested": "2022-06-08T06:21:08.092821300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4817_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4817_WindowsSrv2016.golden.json index 8917f0c86ec..cb3a98d3882 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4817_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4817_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4817", - "ingested": "2022-06-08T06:21:08.101661100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4902_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4902_WindowsSrv2016.golden.json index bab3c88b795..5c6dab0f41d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4902_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4902_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4902", - "ingested": "2022-06-08T06:21:08.110215500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4904_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4904_WindowsSrv2016.golden.json index b253a246013..c91fd476614 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4904_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4904_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4904", - "ingested": "2022-06-08T06:21:08.115118100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4905_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4905_WindowsSrv2016.golden.json index 38daa55319b..4eb0139038c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4905_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4905_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4905", - "ingested": "2022-06-08T06:21:08.119957100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4906_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4906_WindowsSrv2016.golden.json index 742d95031e5..2e71ca0361d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4906_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4906_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4906", - "ingested": "2022-06-08T06:21:08.124490200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4907_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4907_WindowsSrv2016.golden.json index 1010ad2b281..8ec45c3dbd8 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4907_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4907_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4907", - "ingested": "2022-06-08T06:21:08.129757100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/4908_WindowsSrv2016.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/4908_WindowsSrv2016.golden.json index 7fcc0d935f5..9acba8df75c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/4908_WindowsSrv2016.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/4908_WindowsSrv2016.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4908", - "ingested": "2022-06-09T04:25:10.390738Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4673.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4673.golden.json index ee3d3ecca90..b1724e0f4c6 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4673.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4673.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4673", - "ingested": "2022-06-08T06:21:08.143556300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4674.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4674.golden.json index 8a598490950..15e95215432 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4674.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4674.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4674", - "ingested": "2022-06-08T06:21:08.149617100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4697.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4697.golden.json index 2364c9c945a..4583f47bf55 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4697.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4697.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4697", - "ingested": "2022-06-08T06:21:08.156998700Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4698.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4698.golden.json index 16ac2d25a4c..cb07d880e62 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4698.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4698.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4698", - "ingested": "2022-06-08T06:21:08.162693600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4699.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4699.golden.json index c467fe97056..b3c26a4f56a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4699.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4699.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4699", - "ingested": "2022-06-08T06:21:08.168246300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4700.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4700.golden.json index 8fee3ad99d1..8ad5f4600d3 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4700.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4700.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4700", - "ingested": "2022-06-08T06:21:08.173701300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4701.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4701.golden.json index 62b7e37c3bb..cc62f8e6c6e 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4701.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4701.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4701", - "ingested": "2022-06-08T06:21:08.178899800Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4702.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4702.golden.json index 6525f91ebfd..2352de8c494 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4702.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4702.golden.json @@ -11,7 +11,6 @@ "configuration" ], "code": "4702", - "ingested": "2022-06-08T06:21:08.184651500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4768.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4768.golden.json index f3740d6b1cf..c1c40241415 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4768.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4768.golden.json @@ -10,7 +10,6 @@ "authentication" ], "code": "4768", - "ingested": "2022-06-08T06:21:08.190661800Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4769.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4769.golden.json index 8af6ff6551c..ddf98ed0b7c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4769.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4769.golden.json @@ -10,7 +10,6 @@ "authentication" ], "code": "4769", - "ingested": "2022-06-08T06:21:08.199357500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4770.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4770.golden.json index 41b1b2aee08..d76e139ac7a 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4770.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4770.golden.json @@ -10,7 +10,6 @@ "authentication" ], "code": "4770", - "ingested": "2022-06-08T06:21:08.204255500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4771.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4771.golden.json index 27c8e247554..8ac4835eb36 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4771.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4771.golden.json @@ -10,7 +10,6 @@ "authentication" ], "code": "4771", - "ingested": "2022-06-08T06:21:08.209027300Z", "kind": "event", "module": "security", "outcome": "failure", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4776.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4776.golden.json index 2e6296b4123..e9ee05ee05c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4776.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4776.golden.json @@ -10,7 +10,6 @@ "authentication" ], "code": "4776", - "ingested": "2022-06-08T06:21:08.213859200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4778.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4778.golden.json index 19127eb1267..da716047cdd 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4778.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4778.golden.json @@ -11,7 +11,6 @@ "session" ], "code": "4778", - "ingested": "2022-06-08T06:21:08.218876200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4779.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4779.golden.json index aabbb2b2843..fb96fcfc2a6 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4779.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012_4779.golden.json @@ -11,7 +11,6 @@ "session" ], "code": "4779", - "ingested": "2022-06-08T06:21:08.225133500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012r2-logon.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012r2-logon.golden.json index 9fa6d71e344..ca2e383e600 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012r2-logon.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2012r2-logon.golden.json @@ -10,7 +10,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233175700Z", "kind": "event", "module": "security", "outcome": "success", @@ -99,7 +98,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233202400Z", "kind": "event", "module": "security", "outcome": "success", @@ -188,7 +186,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233212800Z", "kind": "event", "module": "security", "outcome": "success", @@ -283,7 +280,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233221700Z", "kind": "event", "module": "security", "outcome": "success", @@ -372,7 +368,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233234500Z", "kind": "event", "module": "security", "outcome": "success", @@ -460,7 +455,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233247200Z", "kind": "event", "module": "security", "outcome": "success", @@ -548,7 +542,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233259700Z", "kind": "event", "module": "security", "outcome": "success", @@ -636,7 +629,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233272300Z", "kind": "event", "module": "security", "outcome": "success", @@ -724,7 +716,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233284800Z", "kind": "event", "module": "security", "outcome": "success", @@ -815,7 +806,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233299300Z", "kind": "event", "module": "security", "outcome": "success", @@ -904,7 +894,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233312100Z", "kind": "event", "module": "security", "outcome": "success", @@ -999,7 +988,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233322700Z", "kind": "event", "module": "security", "outcome": "success", @@ -1088,7 +1076,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233331Z", "kind": "event", "module": "security", "outcome": "success", @@ -1177,7 +1164,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233343700Z", "kind": "event", "module": "security", "outcome": "success", @@ -1266,7 +1252,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233356Z", "kind": "event", "module": "security", "outcome": "success", @@ -1355,7 +1340,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233386300Z", "kind": "event", "module": "security", "outcome": "success", @@ -1444,7 +1428,6 @@ "authentication" ], "code": "4624", - "ingested": "2022-06-08T06:21:08.233400100Z", "kind": "event", "module": "security", "outcome": "success", @@ -1533,7 +1516,6 @@ "authentication" ], "code": "4625", - "ingested": "2022-06-08T06:21:08.233408800Z", "kind": "event", "module": "security", "outcome": "failure", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-4672.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-4672.golden.json index bdb665abba4..a4d6dd61203 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-4672.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-4672.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4672", - "ingested": "2022-06-08T06:21:08.268186400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-logoff.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-logoff.golden.json index 278965f26e1..a7fcd4fe171 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-logoff.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016-logoff.golden.json @@ -10,7 +10,6 @@ "authentication" ], "code": "4634", - "ingested": "2022-06-08T06:21:08.274378300Z", "kind": "event", "module": "security", "outcome": "success", @@ -79,7 +78,6 @@ "authentication" ], "code": "4634", - "ingested": "2022-06-08T06:21:08.274397100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4720_Account_Created.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4720_Account_Created.golden.json index 42d00562adb..37cfbae0c18 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4720_Account_Created.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4720_Account_Created.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4720", - "ingested": "2022-06-08T06:21:08.280835800Z", "kind": "event", "module": "security", "outcome": "success", @@ -56,8 +55,9 @@ "HomePath": "%%1793", "LogonHours": "%%1797", "NewUACList": [ - "SCRIPT", - "LOCKOUT" + "USER_ACCOUNT_DISABLED", + "USER_PASSWORD_NOT_REQUIRED", + "USER_NORMAL_ACCOUNT" ], "NewUacValue": "0x15", "OldUacValue": "0x0", @@ -115,7 +115,6 @@ "iam" ], "code": "4720", - "ingested": "2022-06-08T06:21:08.280855300Z", "kind": "event", "module": "security", "outcome": "success", @@ -161,8 +160,9 @@ "HomePath": "%%1793", "LogonHours": "%%1797", "NewUACList": [ - "SCRIPT", - "LOCKOUT" + "USER_ACCOUNT_DISABLED", + "USER_PASSWORD_NOT_REQUIRED", + "USER_NORMAL_ACCOUNT" ], "NewUacValue": "0x15", "OldUacValue": "0x0", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4722_Account_Enabled.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4722_Account_Enabled.golden.json index 4309e4ab563..8acd38ccd8b 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4722_Account_Enabled.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4722_Account_Enabled.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4722", - "ingested": "2022-06-08T06:21:08.289118900Z", "kind": "event", "module": "security", "outcome": "success", @@ -88,7 +87,6 @@ "iam" ], "code": "4722", - "ingested": "2022-06-08T06:21:08.289135100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4723_Password_Change.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4723_Password_Change.golden.json index 78be6924e11..0738a3cac0c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4723_Password_Change.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4723_Password_Change.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4723", - "ingested": "2022-06-08T06:21:08.294838400Z", "kind": "event", "module": "security", "outcome": "failure", @@ -88,7 +87,6 @@ "iam" ], "code": "4723", - "ingested": "2022-06-08T06:21:08.294849500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4724_Password_Reset.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4724_Password_Reset.golden.json index 1222c6ba73e..58663b21618 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4724_Password_Reset.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4724_Password_Reset.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4724", - "ingested": "2022-06-08T06:21:08.301226700Z", "kind": "event", "module": "security", "outcome": "success", @@ -88,7 +87,6 @@ "iam" ], "code": "4724", - "ingested": "2022-06-08T06:21:08.301245800Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4725_Account_Disabled.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4725_Account_Disabled.golden.json index 1ef20e9827b..5b50072792d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4725_Account_Disabled.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4725_Account_Disabled.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4725", - "ingested": "2022-06-08T06:21:08.307262100Z", "kind": "event", "module": "security", "outcome": "success", @@ -88,7 +87,6 @@ "iam" ], "code": "4725", - "ingested": "2022-06-08T06:21:08.307282600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4726_Account_Deleted.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4726_Account_Deleted.golden.json index 7ae020ab410..9b8a6c9fc01 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4726_Account_Deleted.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4726_Account_Deleted.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4726", - "ingested": "2022-06-08T06:21:08.313870400Z", "kind": "event", "module": "security", "outcome": "success", @@ -89,7 +88,6 @@ "iam" ], "code": "4726", - "ingested": "2022-06-08T06:21:08.313890100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4727.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4727.golden.json index 5f769bd5580..d1779d672d1 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4727.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4727.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4727", - "ingested": "2022-06-08T06:21:08.321314400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4728.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4728.golden.json index 7b84dca0639..1c5e5f81d93 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4728.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4728.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4728", - "ingested": "2022-06-08T06:21:08.326362Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4729.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4729.golden.json index 143098d35b5..836f496a634 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4729.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4729.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4729", - "ingested": "2022-06-08T06:21:08.331614100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4730.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4730.golden.json index d49edf63728..951030babe6 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4730.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4730.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4730", - "ingested": "2022-06-08T06:21:08.335699200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4731.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4731.golden.json index de17dbfd0f3..2c2d9988fb5 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4731.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4731.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4731", - "ingested": "2022-06-08T06:21:08.339943300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4732.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4732.golden.json index c4309ee4d91..8d382bc8cc6 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4732.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4732.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4732", - "ingested": "2022-06-08T06:21:08.344534800Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4733.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4733.golden.json index 17f9624127a..5bc1bdbe2d5 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4733.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4733.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4733", - "ingested": "2022-06-08T06:21:08.349155Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4734.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4734.golden.json index 225dcd822b5..2042cc2b932 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4734.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4734.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4734", - "ingested": "2022-06-08T06:21:08.353949600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4735.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4735.golden.json index 4c8ed694228..4ad378e3040 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4735.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4735.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4735", - "ingested": "2022-06-08T06:21:08.358858100Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4737.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4737.golden.json index 31ca8e5aa0d..7fdf3fb4589 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4737.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4737.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4737", - "ingested": "2022-06-08T06:21:08.363652300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4738_Account_Changed.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4738_Account_Changed.golden.json index c696e8495fe..025b1f20bca 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4738_Account_Changed.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4738_Account_Changed.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4738", - "ingested": "2022-06-08T06:21:08.368099900Z", "kind": "event", "module": "security", "outcome": "success", @@ -57,8 +56,8 @@ "HomePath": "%%1793", "LogonHours": "%%1797", "NewUACList": [ - "LOCKOUT", - "NORMAL_ACCOUNT" + "USER_NORMAL_ACCOUNT", + "USER_DONT_EXPIRE_PASSWORD" ], "NewUacValue": "0x210", "OldUacValue": "0x210", @@ -114,7 +113,6 @@ "iam" ], "code": "4738", - "ingested": "2022-06-08T06:21:08.368122700Z", "kind": "event", "module": "security", "outcome": "success", @@ -161,8 +159,8 @@ "HomePath": "%%1793", "LogonHours": "%%1797", "NewUACList": [ - "LOCKOUT", - "NORMAL_ACCOUNT" + "USER_NORMAL_ACCOUNT", + "USER_DONT_EXPIRE_PASSWORD" ], "NewUacValue": "0x210", "OldUacValue": "0x10", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4740_Account_Locked_Out.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4740_Account_Locked_Out.golden.json index f9adb19e87f..eaec5eb7104 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4740_Account_Locked_Out.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4740_Account_Locked_Out.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4740", - "ingested": "2022-06-08T06:21:08.374783400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4754.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4754.golden.json index f59e7492bb5..f01b564e6ec 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4754.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4754.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4754", - "ingested": "2022-06-08T06:21:08.378911400Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4755.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4755.golden.json index b2481b95d8f..7d41c2ec98d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4755.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4755.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4755", - "ingested": "2022-06-08T06:21:08.383281700Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4756.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4756.golden.json index b72c1368c6d..29b96fbe24d 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4756.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4756.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4756", - "ingested": "2022-06-08T06:21:08.387537200Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4757.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4757.golden.json index d91aeda784d..0193719b9a2 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4757.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4757.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4757", - "ingested": "2022-06-08T06:21:08.392196700Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4758.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4758.golden.json index 74efb603c38..b27f572f3c2 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4758.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4758.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4758", - "ingested": "2022-06-08T06:21:08.397524900Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4764.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4764.golden.json index c7bc4ea695b..ab0e757d041 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4764.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4764.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4764", - "ingested": "2022-06-08T06:21:08.402264500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4767_Account_Unlocked.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4767_Account_Unlocked.golden.json index 580a61a6c5d..a194a3ff534 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4767_Account_Unlocked.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4767_Account_Unlocked.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4767", - "ingested": "2022-06-08T06:21:08.406967900Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4781_Account_Renamed.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4781_Account_Renamed.golden.json index 9a35ec91ecb..0010cc0078c 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4781_Account_Renamed.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4781_Account_Renamed.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4781", - "ingested": "2022-06-08T06:21:08.411904100Z", "kind": "event", "module": "security", "outcome": "success", @@ -92,7 +91,6 @@ "iam" ], "code": "4781", - "ingested": "2022-06-08T06:21:08.411917600Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4798.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4798.golden.json index 509e419a406..460c9d3a84f 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4798.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4798.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4798", - "ingested": "2022-06-08T06:21:08.418048300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4799.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4799.golden.json index d409e37cd1c..6473c013f42 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4799.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4799.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4799", - "ingested": "2022-06-08T06:21:08.422696500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4964.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4964.golden.json index 43f17a4f460..e62ac7e2cd7 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4964.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2016_4964.golden.json @@ -10,7 +10,6 @@ "iam" ], "code": "4964", - "ingested": "2022-06-08T06:21:08.427966400Z", "kind": "event", "module": "security", "outcome": "success", @@ -86,7 +85,6 @@ "iam" ], "code": "4964", - "ingested": "2022-06-08T06:21:08.427985300Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4688_Process_Created.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4688_Process_Created.golden.json index b25a579320a..6ad492a4179 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4688_Process_Created.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4688_Process_Created.golden.json @@ -10,7 +10,6 @@ "process" ], "code": "4688", - "ingested": "2022-06-08T06:21:08.435053500Z", "kind": "event", "module": "security", "outcome": "success", diff --git a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4689_Process_Exited.golden.json b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4689_Process_Exited.golden.json index b645ea0b1cf..5ed8e0d2dde 100644 --- a/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4689_Process_Exited.golden.json +++ b/x-pack/winlogbeat/module/security/test/testdata/ingest/security-windows2019_4689_Process_Exited.golden.json @@ -10,7 +10,6 @@ "process" ], "code": "4689", - "ingested": "2022-06-08T06:21:08.450696200Z", "kind": "event", "module": "security", "outcome": "success", @@ -83,7 +82,6 @@ "process" ], "code": "4689", - "ingested": "2022-06-08T06:21:08.450710900Z", "kind": "event", "module": "security", "outcome": "success", @@ -156,7 +154,6 @@ "process" ], "code": "4689", - "ingested": "2022-06-08T06:21:08.450714900Z", "kind": "event", "module": "security", "outcome": "success",