l.bourdin
/
Wazuh-Teams-Workflow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Séparation de utilisateur et utilisateur cible

This commit is contained in:
l.bourdin 2026-04-09 12:04:13 +02:00
parent a7b94415a3
commit 95705989b2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
custom-teams.py
View File

@ -212,7 +212,8 @@ class Integration:
win = self._get_nested(alert, ("data", "win", "eventdata"), default={}) or {} win = self._get_nested(alert, ("data", "win", "eventdata"), default={}) or {}
object_name = win.get("objectName") object_name = win.get("objectName")
self._add_fact(facts, "Utilisateur", win.get("targetUserName") or win.get("subjectUserName")) self._add_fact(facts, "Utilisateur", win.get("subjectUserName"))
self._add_fact(facts, "Utilisateur cible", win.get("targetUserName"))
self._add_fact(facts, "Ordinateur", win.get("workstationName")) self._add_fact(facts, "Ordinateur", win.get("workstationName"))
self._add_fact(facts, "Event ID", self._get_nested(alert, ("data", "win", "system", "eventID"))) self._add_fact(facts, "Event ID", self._get_nested(alert, ("data", "win", "system", "eventID")))
self._add_fact(facts, "Process", win.get("processName")) self._add_fact(facts, "Process", win.get("processName"))