Add session category to events

elastic · Feb 3, 2021 · c20482d · c20482d
1 parent f468000
commit c20482d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -1003,6 +1003,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add dns.question.subdomain fields for sysmon DNS events. {pull}22999[22999]
 - Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046]
 - Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684]
+- Add new ECS 1.8 improvements. {pull}23563[23563]
 
 *Elastic Log Driver*
 

diff --git a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js
@@ -250,8 +250,8 @@ var security = (function () {
         "4770": [["authentication"], ["start"], "kerberos-service-ticket-renewed"],
         "4771": [["authentication"], ["start"], "kerberos-preauth-failed"],
         "4776": [["authentication"], ["start"], "credential-validated"],
-        "4778": [["authentication"], ["start"], "session-reconnected"],
-        "4779": [["authentication"], ["end"], "session-disconnected"],
+        "4778": [["authentication", "session"], ["start"], "session-reconnected"],
+        "4779": [["authentication", "session"], ["end"], "session-disconnected"],
         "4781": [["iam"], ["user", "change"], "renamed-user-account"],
         "4798": [["iam"], ["user", "info"], "group-membership-enumerated"], // process enumerates the local groups to which the specified user belongs
         "4799": [["iam"], ["group", "info"], "user-member-enumerated"], // a process enumerates the members of the specified local group