OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)
MIT License

Fix spelling in Sysmon Network Connection event #78

Closed dominiklohmann closed 4 years ago

dominiklohmann commented 4 years ago

The actual field name is DestinationHostname, not DestinationHostName.

Cyb3rWard0g commented 4 years ago

Good catch @dominiklohmann! Thank you very much :)

Cyb3rWard0g commented 4 years ago

Ohh wait. I just looked at the Sysmon schema (latest V11.0) and it is with lowercase https://github.com/hunters-forge/OSSEM/blob/master/resources/schemas/sysmonv11.0_4.30.xml#L84 🤔 What version of Sysmon are you running? I do not have a box to test it at the moment. Would you mind testing it with the latest version?

mavam commented 4 years ago

We do have a box running Sysmon, which is how we discovered the discrepancy. We'll check the version and will get back.

dominiklohmann commented 4 years ago

We're running 11, just confirmed it. The output uses a lowercase n.

hxnoyd commented 4 years ago

> We're running 11, just confirmed it. The output uses a lowercase n.

@dominiklohmann, @mavam thanks for the PR. I had missed that typo when converting the data dictionaries to YAML.