Login/logout events

Open mlw opened this issue 1 year ago • 0 comments

INITIAL DRAFT

Primary goal with the draft PR is to gather any final feedback on the proto impl before writing the encoders for the enriched types.

Once we're satisfied, I'll implement the protobuf serializers.

This is largely the same as the previous draft. Some new fields were added for completeness (e.g. instigating processes) as well as some fields that were previously missing. "method 2" from the previous draft has been removed.


Adds support for the following ES event types:

ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOGIN
ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOGOUT
ES_EVENT_TYPE_NOTIFY_LW_SESSION_LOCK
ES_EVENT_TYPE_NOTIFY_LW_SESSION_UNLOCK
ES_EVENT_TYPE_NOTIFY_SCREENSHARING_ATTACH
ES_EVENT_TYPE_NOTIFY_SCREENSHARING_DETACH
ES_EVENT_TYPE_NOTIFY_OPENSSH_LOGIN
ES_EVENT_TYPE_NOTIFY_OPENSSH_LOGOUT
ES_EVENT_TYPE_NOTIFY_LOGIN_LOGIN
ES_EVENT_TYPE_NOTIFY_LOGIN_LOGOUT

mlw, Jun 20 '24 20:06