'value': "{\n \"is_partial\": false,\n \"is_running\": false,\n \"took\": 6,\n \"timed_out\": false,\n \"hits\": {\n \"total\": {\n \"value\": 1,\n \"relation\": \"eq\"\n },\n \"sequences\": [\n {\n \"join_keys\": [\n 2012\n ],\n \"events\": [\n {\n \"_index\": \".ds-my-data-stream-2099.12.07-000001\",\n \"_id\": \"AtOJ4UjUBAAx3XR5kcCM\",\n \"_source\": {\n \"@timestamp\": \"2099-12-06T11:04:07.000Z\",\n \"event\": {\n \"category\": \"file\",\n \"id\": \"dGCHwoeS\",\n \"sequence\": 2\n },\n \"file\": {\n \"accessed\": \"2099-12-07T11:07:08.000Z\",\n \"name\": \"cmd.exe\",\n \"path\": \"C:\\\\Windows\\\\System32\\\\cmd.exe\",\n \"type\": \"file\",\n \"size\": 16384\n },\n \"process\": {\n \"pid\": 2012,\n \"name\": \"cmd.exe\",\n \"executable\": \"C:\\\\Windows\\\\System32\\\\cmd.exe\"\n }\n }\n },\n {\n \"_index\": \".ds-my-data-stream-2099.12.07-000001\",\n \"_id\": \"OQmfCaduce8zoHT93o4H\",\n \"_source\": {\n \"@timestamp\": \"2099-12-07T11:07:09.000Z\",\n \"event\": {\n \"category\": \"process\",\n \"id\": \"aR3NWVOs\",\n \"sequence\": 4\n },\n \"process\": {\n \"pid\": 2012,\n \"name\": \"regsvr32.exe\",\n \"command_line\": \"regsvr32.exe /s /u /i:https://...RegSvr32.sct scrobj.dll\",\n \"executable\": \"C:\\\\Windows\\\\System32\\\\regsvr32.exe\"\n }\n }\n }\n ]\n }\n ]\n }\n}"