[Security solution] Add user.target.name in Authentications table #119353

Open
naj-h opened this issue Nov 22, 2021 · 2 comments
Labels: enhancement (New value added to drive a business result), Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.), Team:Threat Hunting (Security Solution Threat Hunting Team)

Comments

@naj-h
Contributor

naj-h commented Nov 22, 2021

In Explore > Hosts > Authentications, the table does not contain the user.target.name field.

Sometimes the user.name field contains the computer account, which ends with a $. This username is normally hostname$. When this happens, the security analysts need to look at the user.target.name field to see which user account is being used. As this happens often on a Windows domain, it would help if the SIEM pages displayed the user.target.name field alongside the user.name field.

This field is mapped to user.target.name in ECS. elastic.co/guide/en/ecs/current/ecs-user.html

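The triage step described in the issue above, as an added example that is not part of the original issue or of Kibana's code: it builds table rows that show user.name and user.target.name side by side and flags computer accounts. The helper names, the `effective_user` and `needs_review` columns, and the sample events are constructed for illustration; it assumes, as the issue states, that a trailing `$` marks a computer account.

```python
# Constructed ECS-style authentication events (sample data, not real logs).
SAMPLE_EVENTS = [
    {"host": {"name": "ws01"}, "event": {"outcome": "success"},
     "user": {"name": "WS01$", "target": {"name": "alice"}}},
    {"host": {"name": "ws02"}, "event": {"outcome": "failure"},
     "user": {"name": "bob"}},
    {"host": {"name": "dc01"}, "event": {"outcome": "success"},
     "user": {"name": "DC01$"}},
    # Some pipelines emit flattened (dotted) keys instead of nested objects.
    {"host.name": "ws03", "event.outcome": "success",
     "user.name": "WS03$", "user.target.name": "carol"},
]

def get_field(event, dotted):
    """Read an ECS field from either a nested or a flattened document."""
    if dotted in event:
        return event[dotted]
    node = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def is_machine_account(name):
    """Computer accounts on a Windows domain end with '$' (hostname$)."""
    return bool(name) and name.endswith("$")

def authentication_row(event):
    """Build one row with user.name and user.target.name side by side."""
    name = get_field(event, "user.name")
    target = get_field(event, "user.target.name")
    machine = is_machine_account(name)
    return {
        "host.name": get_field(event, "host.name"),
        "event.outcome": get_field(event, "event.outcome"),
        "user.name": name,
        "user.target.name": target,
        # Account to pivot on: the target when user.name is a computer account.
        "effective_user": target if machine and target else name,
        # Computer account with no target recorded: check the raw event.
        "needs_review": machine and not target,
    }

def authentication_rows(events):
    return [authentication_row(e) for e in events]

if __name__ == "__main__":
    for row in authentication_rows(SAMPLE_EVENTS):
        print(row)
```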

@botelastic botelastic bot added the needs-team Issues missing a team label label Nov 22, 2021
@naj-h naj-h added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Nov 22, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Nov 22, 2021
@naj-h naj-h added the enhancement New value added to drive a business result label Nov 22, 2021
@naj-h naj-h changed the title Elastic Security : Add user.target.name in Authentications table [Security solution] Add user.target.name in Authentications table Nov 22, 2021
@approksiu approksiu added the Team:Threat Hunting Security Solution Threat Hunting Team label Nov 14, 2024
@elasticmachine
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

5 participants