Summary
Related PR: https://github.com/elastic/integrations/pull/9850
This PR aims to add a subfield to the process.name and process.executable fields to improve the compatibility of data sources like System, Sysmon, etc., with our Elastic Defend data. This enables us to handle language limitations in KQL more effectively.

Elastic Defend Mapping:
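As an added illustration (this is not the PR's own mapping, which is not reproduced on this page), the following Elasticsearch index definition shows how a keyword field can carry a normalized subfield so that KQL, which has no case-insensitive operator for keyword fields, can still match process names regardless of case; the subfield name "caseless" and the "lowercase" normalizer are assumptions, not values taken from the PR.

```json
{
  "settings": {
    "analysis": {
      "normalizer": {
        "lowercase_normalizer": {
          "type": "custom",
          "filter": ["lowercase"]
        }
      }
    }
  },
  "mappings": {
    "properties": {
      "process": {
        "properties": {
          "name": {
            "type": "keyword",
            "fields": {
              "caseless": {
                "type": "keyword",
                "normalizer": "lowercase_normalizer"
              }
            }
          },
          "executable": {
            "type": "keyword",
            "fields": {
              "caseless": {
                "type": "keyword",
                "normalizer": "lowercase_normalizer"
              }
            }
          }
        }
      }
    }
  }
}
```

With this mapping, a detection written as process.name.caseless : "cmd.exe" matches events whose original value is "cmd.exe", "CMD.EXE" or "Cmd.exe" (Elasticsearch applies the normalizer to the query term as well as to the indexed value), while process.name itself keeps exact-case semantics for rules that need them.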