From d11d6092d0dcd505c8bba0e7a12ceb6d7b02700b Mon Sep 17 00:00:00 2001 From: Andrew Stucki Date: Mon, 18 May 2020 22:59:47 -0400 Subject: [PATCH] Fix bad field mappings in winlogbeat sysmon module (#18626) --- .../module/sysmon/config/winlogbeat-sysmon.js | 183 +- .../testdata/sysmon-10.2-dns.evtx.golden.json | 3900 ++++++++--------- .../sysmon-11-filedelete.evtx.golden.json | 54 +- .../testdata/sysmon-9.01.evtx.golden.json | 478 +- 4 files changed, 2170 insertions(+), 2445 deletions(-) diff --git a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js index f7dac99a4e82..a491a1e67be5 100644 --- a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js +++ b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js @@ -632,14 +632,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["process"], - "event.type": ["start", "process_start"], + category: ["process"], + type: ["start", "process_start"], }, - target: "", + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -701,13 +700,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["file"], - "event.type": ["change"], + category: ["file"], + type: ["change"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -744,13 +743,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["network"], - "event.type": ["connection", "start", "protocol"], + category: ["network"], + type: ["connection", "start", "protocol"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, 
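Review bot: The `.Convert` opener in the first hunk (-632) is rewritten to `fields: [{` while the `from:`/`to:` lines beneath it stay as unchanged context, so the object body presumably keeps its old indentation and no longer lines up with its opening bracket. The same whitespace-only rewrite recurs in nearly every later hunk of this file, and where the body was re-indented (the hunks at -825, -1286, -1387 and -1430) it closes with `}, ],`. The functional fix is only the move to bare keys plus `target: "event"`, so I would keep the original `fields: [` / `{` layout here, or land the reformat as a separate commit so the mapping fix is easy to audit. The chain this hunk belongs to starts and ends outside the hunk.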
@@ -825,17 +824,16 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["process"], - "event.type": ["change"], + category: ["process"], + type: ["change"], }, + target: "event", }) .Convert({ - fields: [ - { - from: "winlog.event_data.UtcTime", - to: "@timestamp", - }, - ], + fields: [{ + from: "winlog.event_data.UtcTime", + to: "@timestamp", + }, ], mode: "rename", ignore_missing: true, fail_on_error: false, @@ -848,14 +846,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["process"], - "event.type": ["end", "process_end"], + category: ["process"], + type: ["end", "process_end"], }, - target: "", + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -887,13 +884,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["driver"], - "event.type": ["start"], + category: ["driver"], + type: ["start"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -907,8 +904,7 @@ var sysmon = (function () { fail_on_error: false, }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.Signature", to: "file.code_signature.subject_name", }, @@ -931,13 +927,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["process"], - "event.type": ["change"], + category: ["process"], + type: ["change"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -964,8 +960,7 @@ var sysmon = (function () { fail_on_error: false, }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.Signature", to: "file.code_signature.subject_name", }, 
@@ -988,8 +983,7 @@ var sysmon = (function () { var event8 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1020,8 +1014,7 @@ var sysmon = (function () { var event9 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1058,13 +1051,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["process"], - "event.type": ["access"], + category: ["process"], + type: ["access"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1101,13 +1094,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["file"], - "event.type": ["creation"], + category: ["file"], + type: ["creation"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1143,8 +1136,7 @@ var sysmon = (function () { var event12 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1176,8 +1168,7 @@ var sysmon = (function () { var event13 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1209,8 +1200,7 @@ var sysmon = (function () { var event14 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1243,13 +1233,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["file"], - "event.type": ["access"], + category: ["file"], + type: ["access"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, 
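Review bot: `event8` in the -988 hunk still goes from `.Add(parseUtcTime)` straight into `.Convert(...)` with no `.AddFields` step, so as far as these hunks show the events get no `event.category` or `event.type` at all; the same holds for the `event9`, `event12`, `event13`, `event14`, `event16`, `event19`, `event20`, `event21` and `event255` hunks. Detection rules and dashboards that filter on `event.category` would then never match these event IDs, which is the same symptom this commit fixes for the other chains. If the omission is deliberate, a one-line comment on each chain such as `// no ECS categorization defined for this event ID` would make that explicit; otherwise add `.AddFields({ fields: { ... }, target: "event" })` as in the neighbouring chains. Only the head of each chain is visible here, so an `AddFields` further down cannot be ruled out.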
@@ -1286,12 +1276,10 @@ var sysmon = (function () { var event16 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { - from: "winlog.event_data.UtcTime", - to: "@timestamp", - }, - ], + fields: [{ + from: "winlog.event_data.UtcTime", + to: "@timestamp", + }, ], mode: "rename", ignore_missing: true, fail_on_error: false, @@ -1304,13 +1292,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["file"], // pipes are files - "event.type": ["creation"], + category: ["file"], // pipes are files + type: ["creation"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1346,13 +1334,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["file"], // pipes are files - "event.type": ["access"], + category: ["file"], // pipes are files + type: ["access"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1387,12 +1375,10 @@ var sysmon = (function () { var event19 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { - from: "winlog.event_data.UtcTime", - to: "@timestamp", - }, - ], + fields: [{ + from: "winlog.event_data.UtcTime", + to: "@timestamp", + }, ], mode: "rename", ignore_missing: true, fail_on_error: false, @@ -1406,8 +1392,7 @@ var sysmon = (function () { var event20 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1430,12 +1415,10 @@ var sysmon = (function () { var event21 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { - from: "winlog.event_data.UtcTime", - to: "@timestamp", - }, - ], + fields: [{ + from: "winlog.event_data.UtcTime", + to: "@timestamp", + }, ], mode: "rename", ignore_missing: true, fail_on_error: false, 
@@ -1450,16 +1433,19 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["network"], - "event.type": ["connection", "protocol", "info"], + category: ["network"], + type: ["connection", "protocol", "info"], }, - network: { + target: "event", + }) + .AddFields({ + fields: { protocol: "dns", }, + target: "network", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1507,13 +1493,13 @@ var sysmon = (function () { .Add(parseUtcTime) .AddFields({ fields: { - "event.category": ["file"], // pipes are files - "event.type": ["deletion"], + category: ["file"], // pipes are files + type: ["deletion"], }, + target: "event", }) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, @@ -1565,8 +1551,7 @@ var sysmon = (function () { var event255 = new processor.Chain() .Add(parseUtcTime) .Convert({ - fields: [ - { + fields: [{ from: "winlog.event_data.UtcTime", to: "@timestamp", }, diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json index ecf9e1b79874..08361166031b 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-10.2-dns.evtx.golden.json @@ -25,22 +25,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
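Review bot: The second `.AddFields` call with `target: "network"` in the -1450 hunk deserves a short comment, because the removed lines show how easily a sibling key placed next to `fields` is dropped without any error: the old golden output had no `network` object at all. Something like `// AddFields only writes the keys under "fields", nested below "target"; sibling keys are ignored` above the call would stop a later edit from folding the two calls back together. That behaviour is inferred from the golden-file change rather than from the processor source, so the wording should be confirmed against it. The chain continues outside the hunk.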
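Review bot: The added line `category: ["file"], // pipes are files` in the -1507 hunk sits in a chain whose type is `["deletion"]`, which looks like the file-delete event rather than a pipe event, so the trailing comment appears to be a copy-paste from the pipe chains at -1304 and -1346. I would drop it and write `category: ["file"],`, or replace it with a comment naming the event this chain handles. The chain's `var` line is outside the hunk, so the event ID is inferred from the type and from the filedelete golden file touched by this commit.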
@@ -48,6 +44,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a8-5d2f-0000-001094619900}", "executable": "C:\\Program Files\\Internet Explorer\\iexplore.exe", @@ -108,22 +107,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -131,6 +126,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -192,22 +190,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -215,6 +209,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -280,22 +277,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -303,6 +296,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a8-5d2f-0000-001094619900}", "executable": "C:\\Program Files\\Internet Explorer\\iexplore.exe", @@ -363,22 +359,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -386,6 +378,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -453,22 +448,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -476,6 +467,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -532,22 +526,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -555,6 +545,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -620,22 +613,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -643,6 +632,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -695,22 +687,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -718,6 +706,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -786,22 +777,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -809,6 +796,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -909,22 +899,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -932,6 +918,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -988,22 +977,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -1011,6 +996,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1071,22 +1059,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -1094,6 +1078,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1159,22 +1146,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -1182,6 +1165,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1234,22 +1220,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -1257,6 +1239,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1323,22 +1308,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -1346,6 +1327,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1406,22 +1390,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -1429,6 +1409,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1489,22 +1472,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -1512,6 +1491,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1599,22 +1581,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -1622,6 +1600,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1689,22 +1670,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -1712,6 +1689,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1824,22 +1804,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -1847,6 +1823,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -1947,22 +1926,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -1970,6 +1945,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2075,22 +2053,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -2098,6 +2072,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2168,22 +2145,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -2191,6 +2164,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2298,22 +2274,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -2321,6 +2293,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2431,22 +2406,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -2454,6 +2425,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2510,22 +2484,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -2533,6 +2503,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2634,22 +2607,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -2657,6 +2626,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2717,22 +2689,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -2740,6 +2708,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2841,22 +2812,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -2864,6 +2831,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2920,22 +2890,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -2943,6 +2909,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -2999,22 +2968,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -3022,6 +2987,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3117,22 +3085,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -3140,6 +3104,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3224,22 +3191,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -3247,6 +3210,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3303,22 +3269,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -3326,6 +3288,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3417,22 +3382,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -3440,6 +3401,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3546,22 +3510,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -3569,6 +3529,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3676,22 +3639,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -3699,6 +3658,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3755,22 +3717,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -3778,6 +3736,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -3884,22 +3845,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -3907,6 +3864,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4007,22 +3967,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -4030,6 +3986,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4086,22 +4045,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -4109,6 +4064,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4161,22 +4119,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -4184,6 +4138,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4253,22 +4210,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -4276,6 +4229,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4372,22 +4328,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -4395,6 +4347,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4495,22 +4450,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -4518,6 +4469,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4582,22 +4536,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -4605,6 +4555,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4712,22 +4665,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -4735,6 +4684,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4800,22 +4752,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -4823,6 +4771,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4908,22 +4859,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -4931,6 +4878,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -4991,22 +4941,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -5014,6 +4960,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5070,22 +5019,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -5093,6 +5038,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5136,22 +5084,18 @@ } }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -5159,6 +5103,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5202,22 +5149,18 @@ } }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -5225,6 +5168,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5326,22 +5272,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -5349,6 +5291,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5414,22 +5359,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -5437,6 +5378,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5493,22 +5437,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -5516,6 +5456,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5617,22 +5560,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -5640,6 +5579,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5705,22 +5647,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -5728,6 +5666,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5829,22 +5770,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -5852,6 +5789,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -5908,22 +5848,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -5931,6 +5867,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6002,22 +5941,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -6025,6 +5960,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6096,22 +6034,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -6119,6 +6053,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6176,22 +6113,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -6199,6 +6132,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6300,22 +6236,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -6323,6 +6255,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6430,22 +6365,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -6453,6 +6384,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6560,22 +6494,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -6583,6 +6513,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6684,22 +6617,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -6707,6 +6636,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6772,22 +6704,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -6795,6 +6723,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6866,22 +6797,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -6889,6 +6816,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -6945,22 +6875,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -6968,6 +6894,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7069,22 +6998,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -7092,6 +7017,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7203,22 +7131,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -7226,6 +7150,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7326,22 +7253,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -7349,6 +7272,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7409,22 +7335,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -7432,6 +7354,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7538,22 +7463,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -7561,6 +7482,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7621,22 +7545,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -7644,6 +7564,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7750,22 +7673,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -7773,6 +7692,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7874,22 +7796,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -7897,6 +7815,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -7976,22 +7897,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -7999,6 +7916,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8106,22 +8026,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -8129,6 +8045,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8210,22 +8129,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -8233,6 +8148,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8285,22 +8203,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -8308,6 +8222,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8409,22 +8326,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -8432,6 +8345,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8503,22 +8419,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -8526,6 +8438,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8578,22 +8493,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -8601,6 +8512,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8702,22 +8616,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -8725,6 +8635,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8827,22 +8740,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -8850,6 +8759,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -8931,22 +8843,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -8954,6 +8862,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9055,22 +8966,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -9078,6 +8985,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9168,22 +9078,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -9191,6 +9097,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9281,22 +9190,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -9304,6 +9209,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9415,22 +9323,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -9438,6 +9342,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9540,22 +9447,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -9563,6 +9466,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9658,22 +9564,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -9681,6 +9583,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9782,22 +9687,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -9805,6 +9706,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9906,22 +9810,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -9929,6 +9829,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -9989,22 +9892,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10012,6 +9911,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10111,22 +10013,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10134,6 +10032,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10194,22 +10095,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -10217,6 +10114,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10288,22 +10188,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10311,6 +10207,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10372,22 +10271,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10395,6 +10290,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10456,22 +10354,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -10479,6 +10373,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10539,22 +10436,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10562,6 +10455,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10623,22 +10519,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10646,6 +10538,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a8-5d2f-0000-001094619900}", "executable": "C:\\Program Files\\Internet Explorer\\iexplore.exe", @@ -10702,22 +10597,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -10725,6 +10616,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10790,22 +10684,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10813,6 +10703,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10873,22 +10766,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -10896,6 +10785,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -10960,22 +10852,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -10983,6 +10871,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11043,22 +10934,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -11066,6 +10953,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11126,22 +11016,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -11149,6 +11035,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11209,22 +11098,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -11232,6 +11117,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11339,22 +11227,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -11362,6 +11246,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11433,22 +11320,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -11456,6 +11339,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11518,22 +11404,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -11541,6 +11423,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11643,22 +11528,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -11666,6 +11547,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11718,22 +11602,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -11741,6 +11621,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11801,22 +11684,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -11824,6 +11703,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -11930,22 +11812,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -11953,6 +11831,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12009,22 +11890,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -12032,6 +11909,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12092,22 +11972,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -12115,6 +11991,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12219,22 +12098,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -12242,6 +12117,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12352,22 +12230,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -12375,6 +12249,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12435,22 +12312,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -12458,6 +12331,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12564,22 +12440,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -12587,6 +12459,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12694,22 +12569,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -12717,6 +12588,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12819,22 +12693,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -12842,6 +12712,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -12939,22 +12812,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -12962,6 +12831,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13069,22 +12941,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -13092,6 +12960,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13403,22 +13274,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -13426,6 +13293,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13547,22 +13417,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -13570,6 +13436,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13626,22 +13495,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -13649,6 +13514,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13713,22 +13581,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -13736,6 +13600,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13779,22 +13646,18 @@ } }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -13802,6 +13665,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13862,22 +13728,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -13885,6 +13747,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -13992,22 +13857,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -14015,6 +13876,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14122,22 +13986,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -14145,6 +14005,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14205,22 +14068,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -14228,6 +14087,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14329,22 +14191,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -14352,6 +14210,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14453,22 +14314,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -14476,6 +14333,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14576,22 +14436,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -14599,6 +14455,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14688,22 +14547,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -14711,6 +14566,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14771,22 +14629,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -14794,6 +14648,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14854,22 +14711,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -14877,6 +14730,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -14978,22 +14834,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -15001,6 +14853,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -15073,22 +14928,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15096,6 +14947,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -15203,22 +15057,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15226,6 +15076,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -15282,22 +15135,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -15305,6 +15154,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a9-5d2f-0000-001053699900}", "executable": "C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe", @@ -15365,22 +15217,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15388,6 +15236,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a8-5d2f-0000-001094619900}", "executable": "C:\\Program Files\\Internet Explorer\\iexplore.exe", @@ -15444,22 +15295,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15467,6 +15314,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-b1a2-5d2f-0000-00106aca0000}", "executable": "C:\\Windows\\System32\\svchost.exe", @@ -15510,22 +15360,18 @@ } }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -15533,6 +15379,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-b1a2-5d2f-0000-00106aca0000}", "executable": "C:\\Windows\\System32\\svchost.exe", @@ -15575,22 +15424,18 @@ } }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15598,6 +15443,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e9f7-5d2f-0000-001031039c00}", "executable": "C:\\Program Files\\Puppet Labs\\Puppet\\sys\\ruby\\bin\\ruby.exe", @@ -15640,22 +15488,18 @@ } }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15663,6 +15507,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-b1a2-5d2f-0000-001016f70000}", "executable": "C:\\Windows\\System32\\svchost.exe", @@ -15727,22 +15574,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" 
@@ -15750,6 +15593,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-b1a3-5d2f-0000-00102f440100}", "executable": "C:\\Windows\\System32\\svchost.exe", @@ -15806,22 +15652,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15829,6 +15671,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-b1a3-5d2f-0000-00102f440100}", "executable": "C:\\Windows\\System32\\svchost.exe", @@ -15919,22 +15764,18 @@ ] }, "event": { + "category": [ + "network" + ], "code": 22, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "protocol", - "info" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] }, "host": { "name": "vagrant-2016" @@ -15942,6 +15783,9 @@ "log": { "level": "information" }, + "network": { + "protocol": "dns" + }, "process": { "entity_id": "{fa4a0de6-e8a8-5d2f-0000-001094619900}", "executable": "C:\\Program Files\\Internet Explorer\\iexplore.exe", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json index 31c7d0a7a26d..7e393e6c7ef8 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-11-filedelete.evtx.golden.json 
@@ -2,20 +2,16 @@ { "@timestamp": "2020-05-07T08:14:44.489Z", "event": { + "category": [ + "file" + ], "code": 23, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "deletion" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "deletion" + ] }, "file": { "directory": "C:\\Users\\vagrant\\AppData\\Local\\Temp\\1\\go-build583768550\\b001", @@ -91,20 +87,16 @@ { "@timestamp": "2020-05-07T07:27:18.722Z", "event": { + "category": [ + "file" + ], "code": 23, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "deletion" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "deletion" + ] }, "file": { "directory": "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local", @@ -173,20 +165,16 @@ { "@timestamp": "2020-05-12T06:48:27.084Z", "event": { + "category": [ + "file" + ], "code": 23, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "deletion" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "deletion" + ] }, "file": { "directory": "C:\\Windows\\System32\\LogFiles\\Scm", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json index cddd6776a82a..feb8d830da74 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/sysmon-9.01.evtx.golden.json 
@@ -39,20 +39,16 @@ { "@timestamp": "2019-03-18T16:57:38.011Z", "event": { + "category": [ + "process" + ], "code": 4, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "process" - ], - "type": [ - "change" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "change" + ] }, "host": { "name": "vagrant-2012-r2" @@ -468,22 +464,18 @@ "port": 53 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -549,22 +541,18 @@ "port": 53 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -631,22 +619,18 @@ "port": 443 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" 
@@ -713,22 +697,18 @@ "port": 443 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -795,22 +775,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -881,22 +857,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -965,22 +937,18 @@ "port": 5355 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" 
@@ -1047,22 +1015,18 @@ "port": 5355 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -1128,22 +1092,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -1212,22 +1172,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -1296,22 +1252,18 @@ "port": 5355 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" 
@@ -1377,22 +1329,18 @@ "port": 5355 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -1458,22 +1406,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -1543,22 +1487,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -1628,22 +1568,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" 
@@ -1713,22 +1649,18 @@ "port": 137 }, "event": { + "category": [ + "network" + ], "code": 3, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "network" - ], - "type": [ - "connection", - "start", - "protocol" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "start", + "protocol" + ] }, "host": { "name": "vagrant-2012-r2" @@ -1894,20 +1826,16 @@ { "@timestamp": "2019-03-18T16:57:52.387Z", "event": { + "category": [ + "file" + ], "code": 2, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "change" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "change" + ] }, "file": { "directory": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data", @@ -1957,20 +1885,16 @@ { "@timestamp": "2019-03-18T16:57:52.417Z", "event": { + "category": [ + "file" + ], "code": 2, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "change" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "change" + ] }, "file": { "directory": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data", @@ -2020,20 +1944,16 @@ { "@timestamp": "2019-03-18T16:57:52.417Z", "event": { + "category": [ + "file" + ], "code": 2, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "change" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "change" + ] }, "file": { "directory": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default", 
@@ -2083,20 +2003,16 @@ { "@timestamp": "2019-03-18T16:57:52.417Z", "event": { + "category": [ + "file" + ], "code": 2, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "change" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "change" + ] }, "file": { "directory": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default", @@ -2196,20 +2112,16 @@ { "@timestamp": "2019-03-18T16:57:52.433Z", "event": { + "category": [ + "file" + ], "code": 2, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "change" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "change" + ] }, "file": { "directory": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Storage\\ext\\nmmhkkegccagdldgiimedpiccmgmieda\\def", @@ -2259,20 +2171,16 @@ { "@timestamp": "2019-03-18T16:57:52.433Z", "event": { + "category": [ + "file" + ], "code": 2, "kind": "event", "module": "sysmon", - "provider": "Microsoft-Windows-Sysmon" - }, - "fields": { - "event": { - "category": [ - "file" - ], - "type": [ - "change" - ] - } + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "change" + ] }, "file": { "directory": "C:\\Users\\vagrant\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Storage\\ext\\gfdkimpbcpahaombhbimeihdjnejgicl\\def",