elastic · kcreddy · Apr 25, 2023 · Apr 24, 2023 · Apr 24, 2023 · Apr 24, 2023
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -34,6 +34,7 @@ https:/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff]
 - Corrects issue with security events with source IP of "LOCAL" or "Unknown" failing to ingest {issue}19627[19627] {pull}34295[34295]
 - Added processing for Windows Event ID's 4797, 5379, 5380, 5381, and 5382 for the Security Ingest Pipeline {issue}34293[34293] {pull}34294[34294]
 - Added processing for Windows Event ID's 5140 and 5145 for the Security Ingest Pipeline {pull}34352[34352]
+- Add "event.category" and "event.type" to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255 {pull}35193[35193]
 
 *Functionbeat*
 

@@ -93,8 +93,14 @@
  type: keyword
  - name: BuildVersion
  type: keyword
+ - name: CallTrace
+ type: keyword
+ - name: ClientInfo
+ type: keyword
  - name: Company
  type: keyword
+ - name: Configuration
+ type: keyword
  - name: CorruptionActionState
  type: keyword
  - name: CreationUtcTime
@@ -123,6 +129,10 @@
  type: keyword
  - name: EntryCount
  type: keyword
+ - name: EventType
+ type: keyword
+ - name: EventNamespace
+ type: keyword
  - name: ExtraInfo
  type: keyword
  - name: FailureName
@@ -133,6 +143,8 @@
  type: keyword
  - name: FinalStatus
  type: keyword
+ - name: GrantedAccess
+ type: keyword
  - name: Group
  type: keyword
  - name: IdleImplementation
@@ -177,12 +189,16 @@
  type: keyword
  - name: MinorVersion
  type: keyword
+ - name: Name
+ type: keyword
  - name: NewProcessId
  type: keyword
  - name: NewProcessName
  type: keyword
  - name: NewSchemeGuid
  type: keyword
+ - name: NewThreadId
+ type: keyword
  - name: NewTime
  type: keyword
  - name: NominalFrequency
@@ -193,6 +209,8 @@
  type: keyword
  - name: OldTime
  type: keyword
+ - name: Operation
+ type: keyword
  - name: OriginalFileName
  type: keyword
  - name: Path
@@ -221,6 +239,8 @@
  type: keyword
  - name: QfeVersion
  type: keyword
+ - name: Query
+ type: keyword
  - name: Reason
  type: keyword
  - name: SchemaVersion
@@ -231,6 +251,8 @@
  type: keyword
  - name: ServiceVersion
  type: keyword
+ - name: Session
+ type: keyword
  - name: ShutdownActionType
  type: keyword
  - name: ShutdownEventCode
@@ -243,6 +265,12 @@
  type: keyword
  - name: Signed
  type: keyword
+ - name: StartAddress
+ type: keyword
+ - name: StartFunction
+ type: keyword
+ - name: StartModule
+ type: keyword
  - name: StartTime
  type: keyword
  - name: State
@@ -263,12 +291,18 @@
  type: keyword
  - name: TargetDomainName
  type: keyword
+ - name: TargetImage
+ type: keyword
  - name: TargetInfo
  type: keyword
  - name: TargetLogonGuid
  type: keyword
  - name: TargetLogonId
  type: keyword
+ - name: TargetProcessGUID
+ type: keyword
+ - name: TargetProcessId
+ type: keyword
  - name: TargetServerName
  type: keyword
  - name: TargetUserName
@@ -281,6 +315,8 @@
  type: keyword
  - name: TransmittedServices
  type: keyword
+ - name: Type
+ type: keyword
  - name: UserSid
  type: keyword
  - name: Version

@@ -16410,13 +16410,34 @@ type: keyword
 
 --
 
+*`winlog.event_data.CallTrace`*::
++
+--
+type: keyword
+
+--
+
+*`winlog.event_data.ClientInfo`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.Company`*::
 +
 --
 type: keyword
 
 --
 
+*`winlog.event_data.Configuration`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.CorruptionActionState`*::
 +
 --
@@ -16515,6 +16536,20 @@ type: keyword
 
 --
 
+*`winlog.event_data.EventType`*::
++
+--
+type: keyword
+
+--
+
+*`winlog.event_data.EventNamespace`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.ExtraInfo`*::
 +
 --
@@ -16550,6 +16585,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.GrantedAccess`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.Group`*::
 +
 --
@@ -16704,6 +16746,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.Name`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.NewProcessId`*::
 +
 --
@@ -16725,6 +16774,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.NewThreadId`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.NewTime`*::
 +
 --
@@ -16760,6 +16816,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.Operation`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.OriginalFileName`*::
 +
 --
@@ -16858,6 +16921,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.Query`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.Reason`*::
 +
 --
@@ -16893,6 +16963,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.Session`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.ShutdownActionType`*::
 +
 --
@@ -16935,6 +17012,27 @@ type: keyword
 
 --
 
+*`winlog.event_data.StartAddress`*::
++
+--
+type: keyword
+
+--
+
+*`winlog.event_data.StartFunction`*::
++
+--
+type: keyword
+
+--
+
+*`winlog.event_data.StartModule`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.StartTime`*::
 +
 --
@@ -17005,6 +17103,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.TargetImage`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.TargetInfo`*::
 +
 --
@@ -17026,6 +17131,20 @@ type: keyword
 
 --
 
+*`winlog.event_data.TargetProcessGUID`*::
++
+--
+type: keyword
+
+--
+
+*`winlog.event_data.TargetProcessId`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.TargetServerName`*::
 +
 --
@@ -17068,6 +17187,13 @@ type: keyword
 
 --
 
+*`winlog.event_data.Type`*::
++
+--
+type: keyword
+
+--
+
 *`winlog.event_data.UserSid`*::
 +
 --