Open nicolasreich opened 3 years ago
Hey @nicolasreich ! Thank you very much for going through the events standardization and providing feedback. We are still working on those and trying to create the right data entity for those and attributes. I will add that to the list of upcoming updates. I believe initially it was meant to be part of the Target Entity. That needs to be reviewed.
In the Data Dictionary of Windows Security Event 4741, the field
UserParameters
is translated intotarget_host_user_paremeters
(with a typo), and UserAccountControl intotarget_host_user_account_control
. For Event 4742, the corresponding fields are translated intotarget_host_parameters
andtarget_host_account_control
, so with oneuser
fewer. I haven't been able to find those defined in the CDM; what is the right standard field name?