[Security solution] Add user.target.name in Authentications table #119353
Labels
enhancement
New value added to drive a business result
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Threat Hunting
Security Solution Threat Hunting Team
In Explore > Hosts > Authentications, the table does not contain the
user.target.name
field.Sometimes the$. This username is normally hostname$ . When this happens the security analysts need to look at the
user.name
field contains the computer account which ends with auser.target.name
field to see which user account is being used. As this happens often on a windows domain, it would help if the siem pages displayed theuser.target.name
field alongside theuser.name
field.This field is mapped to
user.target.name
in ECS. elastic.co/guide/en/ecs/current/ecs-user.htmlThe text was updated successfully, but these errors were encountered: