Re: [ossec-list] TargetUserName is not mapped to an indexed field

2017-05-17 Thread Jesus Linares
Hi all, I think there is a misunderstanding. According to your *full_log*, I can see 2 "Account name" fields, the first one is *SubjectUserName*, and the second one is *TargetUserName*. We are only extracting the *SubjectUserName* as *Account name*. So, if you paste here your log, I can

Re: [ossec-list] TargetUserName is not mapped to an indexed field

2017-05-17 Thread Pedro Sanchez
Hi AntonH, I can see your full_log in the Kibana screenshots; it seems like even OSSEC is not getting that field in the raw_log, meaning we are not extracting it from the EventChannel. Currently OSSEC is not extracting all the field details in the XML; related code:

Re: [ossec-list] TargetUserName is not mapped to an indexed field

2017-05-15 Thread Jesus Linares
Hi AntonH, you don't see *TargetUserName* in Kibana because OSSEC decoders are not extracting that field. We will need to improve them. Could you paste the raw log (*full_log*) here? Once we update the decoders and you install them, the new events will come with the *TargetUserName*

Re: [ossec-list] TargetUserName is not mapped to an indexed field

2017-05-12 Thread dan (ddp)
On Fri, May 12, 2017 at 4:40 AM, AntonH wrote:
> Hello,
>
> I'm using Wazuh and I don't know how to map TargetUserName to an indexed
> field.
> Security events are generated but the associated username is not mapped so
> there is no way to search for or display the

[ossec-list] TargetUserName is not mapped to an indexed field

2017-05-12 Thread AntonH
Hello, I'm using Wazuh and I don't know how to map *TargetUserName* to an indexed field. Security events are generated but the associated username is not mapped so there is no way to search for or display the culprit. The field marked yellow is not mapped or indexed.