2 files changed +6 -0 lines changed
doc/endpoint/process/windows
src/endpoint/data_stream/process/windows
@@ -107,6 +107,9 @@ This event is generated when a process is created.
107107| process.parent.name |
108108| process.parent.pid |
109109| process.parent.thread.Ext.call_stack.symbol_info |
110+ | process.parent.thread.Ext.call_stack.protection |
111+ | process.parent.thread.Ext.call_stack.callsite_leading_bytes |
112+ | process.parent.thread.Ext.call_stack.callsite_trailing_bytes |
110113| process.parent.thread.Ext.call_stack_contains_unbacked |
111114| process.parent.thread.Ext.call_stack_summary |
112115| process.pe.imphash |
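Review bot: The three rows added after `process.parent.thread.Ext.call_stack.symbol_info` give field names only, so a rule author reading this table cannot tell what `protection` holds or how `callsite_leading_bytes` and `callsite_trailing_bytes` are encoded and how many bytes they carry. If this table is names-only by convention, please confirm that the field definitions the docs are generated from describe the format and length of these values, since detections will match on them directly.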
@@ -112,6 +112,9 @@ fields:
112112 - process.parent.name
113113 - process.parent.pid
114114 - process.parent.thread.Ext.call_stack.symbol_info
115+ - process.parent.thread.Ext.call_stack.protection
116+ - process.parent.thread.Ext.call_stack.callsite_leading_bytes
117+ - process.parent.thread.Ext.call_stack.callsite_trailing_bytes
115118 - process.parent.thread.Ext.call_stack_contains_unbacked
116119 - process.parent.thread.Ext.call_stack_summary
117120 - process.pe.imphash
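Review bot: The new entries are appended after `symbol_info` in the order `protection`, `callsite_leading_bytes`, `callsite_trailing_bytes`, while the neighbouring entries visible in this hunk are in alphabetical order. If the list is meant to stay sorted, the two `callsite_*` entries and `protection` should go before `symbol_info`, and the doc table should follow the same order. Only the `process.parent.thread.Ext.call_stack.*` variants appear in these lines; if the event's field list also carries `call_stack` fields for the process's own thread elsewhere, check whether the same three sub-fields belong there too.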