-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Winlogbeat][Sysmon] Remove top level hash property from sysmon events #20653
Conversation
Pinging @elastic/siem (Team:SIEM) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a breaking change entry to the changelog file too.
187def9
to
99f22e5
Compare
Just noticed I previously added some CHANGELOG entries in the breaking change section by mistake 🤦 Will fix that in a following PR, both in master and in release branches |
99f22e5
to
9d6d28f
Compare
elastic#20653) * Remove top level hash property from sysmon events * Add CHANGELOG entry
What does this PR do?
Removes top level
hash
property from sysmon eventsWhy is it important?
To be compliant with ECS,
hash
property should only be nested.Checklist
- [ ] My code follows the style guidelines of this project- [ ] I have commented my code, particularly in hard-to-understand areas- [ ] I have made corresponding changes to the documentation- [ ] I have made corresponding change to the default configuration filesCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.