Sysmon module fields

Stack Beta

These are the event fields specific to the Sysmon module.

sysmon.dns.status

Windows status code returned for the DNS query.

type: keyword

sysmon.file.archived

Indicates if the deleted file was archived.

type: boolean

sysmon.file.is_executable

Indicates if the deleted file was an executable.

type: boolean