additional process callstack fields (#435)

* add missing process.parent.thread.Ext.call_stack fields * add generated file
elastic · Oct 3, 2023 · b412bfe · b412bfe
1 parent b551419
commit b412bfe
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/custom_documentation/doc/endpoint/process/windows/windows_process_create.md b/custom_documentation/doc/endpoint/process/windows/windows_process_create.md
@@ -107,6 +107,9 @@ This event is generated when a process is created.
 | process.parent.name |
 | process.parent.pid |
 | process.parent.thread.Ext.call_stack.symbol_info |
+| process.parent.thread.Ext.call_stack.protection |
+| process.parent.thread.Ext.call_stack.callsite_leading_bytes |
+| process.parent.thread.Ext.call_stack.callsite_trailing_bytes |
 | process.parent.thread.Ext.call_stack_contains_unbacked |
 | process.parent.thread.Ext.call_stack_summary |
 | process.pe.imphash |

diff --git a/custom_documentation/src/endpoint/data_stream/process/windows/windows_process_create.yaml b/custom_documentation/src/endpoint/data_stream/process/windows/windows_process_create.yaml
@@ -112,6 +112,9 @@ fields:
   - process.parent.name
   - process.parent.pid
   - process.parent.thread.Ext.call_stack.symbol_info
+  - process.parent.thread.Ext.call_stack.protection
+  - process.parent.thread.Ext.call_stack.callsite_leading_bytes
+  - process.parent.thread.Ext.call_stack.callsite_trailing_bytes
   - process.parent.thread.Ext.call_stack_contains_unbacked
   - process.parent.thread.Ext.call_stack_summary
   - process.pe.imphash