Windows/windows/_meta/fields.yml

action.properties.Device:
  description: Name of concerned device
  name: action.properties.Device
  short: Name of concerned device
  type: keyword
  observable:
    name: Device Name
    type: file
    property: path
action.properties.ImageLoaded:
  description: Image file loaded by the process
  name: action.properties.ImageLoaded
  short: Image file loaded by the process
  type: keyword
  observable:
    name: Image file
    type: file
    property: path
action.properties.RelativeTargetName:
  description: Filename of the target
  name: action.properties.RelativeTargetName
  short: Filename of the target
  type: keyword
  observable:
    name: Target Filename
    type: file
    property: path
action.properties.ServiceName:
  description: Name of the service
  name: action.properties.ServiceName
  short: Name of the service
  type: keyword
  observable:
    name: Service name
    type: user-account
    property: account_login
action.properties.SourceImage:
  description: Name of the source image
  name: action.properties.SourceImage
  short: Name of the source image
  type: keyword
  observable:
    name: Source Image
    type: file
    property: name
action.properties.TargetDomainName:
  description: Domain of the target user
  name: action.properties.TargetDomainName
  short: Domain of the target user
  type: keyword
  observable:
    name: Target User
    type: user-account
    property: domain
action.properties.TargetImage:
  description: Name of the target image
  name: action.properties.TargetImage
  short: Name of the target image
  type: keyword
  observable:
    name: Target Image
    type: file
    property: name
action.properties.TargetServerName:
  description: Name of the target server
  name: action.properties.TargetServerName
  short: Name of the target server
  type: keyword
  observable:
    name: Target Server Name
    type: host
    property: name
action.properties.TargetUserName:
  description: Name of the target user
  name: action.properties.TargetUserName
  short: Name of the target user
  type: keyword
  observable:
    name: Target User
    type: user-account
    property: account_login
action.properties.TargetUserSid:
  description: SID of the target user
  name: action.properties.TargetUserSid
  short: SID of the target user
  type: keyword
  observable:
    name: Target User
    type: user-account
    property: user_id
action.properties.Workstation:
  description: Name of the workstation
  name: action.properties.Workstation
  short: Name of the workstation
  type: keyword
  observable:
    name: Workstation
    type: host
    property: name