Sysmon module fields [exported-fields-sysmon]

docs/reference/winlogbeat/exported-fields-sysmon.md

9.4.0 · 474 B
% This file is generated! See dev-tools/mage/generate_fields_docs.go

These are the event fields specific to the Sysmon module.

sysmon.dns.status : Windows status code returned for the DNS query.

type: keyword

sysmon.file.archived : Indicates if the deleted file was archived.

type: boolean

sysmon.file.is_executable : Indicates if the deleted file was an executable.

type: boolean