IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
These are the event fields specific to the Sysmon module.
- sysmon.dns.status
  Windows status code returned for the DNS query.
  type: keyword

- sysmon.file.archived
  Indicates if the deleted file was archived.
  type: boolean

- sysmon.file.is_executable
  Indicates if the deleted file was an executable.
  type: boolean