Hi AntonH, you don't see *TargetUserName *in Kibana, because OSSEC decoders are not extracting that field. We will need to improve them.
Could you paste the raw log (*full_log*) here?. Once we update the decoders and you install them, the new events will come with the *TargetUserName * extracted. Regards. On Saturday, May 13, 2017 at 1:52:46 AM UTC+2, dan (ddpbsd) wrote: > > On Fri, May 12, 2017 at 4:40 AM, AntonH <an...@inkcreations.com > <javascript:>> wrote: > > Hello, > > > > I'm using Wazuh and I don't know how to map TargetUserName to an indexed > > field. > > Security events are generated but the associated username is not mapped > so > > there is no way to search for or display the culprit. > > > > The field marked yellow is not mapped or indexed. > > > > > > Corresponding xml event from eventvwr > > > > > > I'm using the ossec-agent to transport logs to Wazuh v2.0 > > > > > > I hope someone can help me. > > > > It might be better to ask Wazuh about their project. > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.