jamesspi/driverload.json

## driverload.json
{
    "agent": {
      "id": "b5780efb-e2e8-42f2-9221-b8e93f2db369",
      "type": "endpoint",
      "version": "8.6.2"
    },
    "process": {
      "Ext": {
        "ancestry": [
          "YjU3ODBlZmItZTJlOC00MmYyLTkyMjEtYjhlOTNmMmRiMzY5LTAtMTY3ODkzOTIxOS4yNTI4MzAw"
        ],
        "code_signature": []
      },
      "name": "System",
      "pid": 4,
      "entity_id": "YjU3ODBlZmItZTJlOC00MmYyLTkyMjEtYjhlOTNmMmRiMzY5LTQtMTY3ODkzOTIxOS4yNTI4MzAw"
    },
    "@timestamp": "2023-03-19T22:23:42.9900174Z",
    "ecs": {
      "version": "1.11.0"
    },
    "dll": {
      "Ext": {
        "code_signature": [
          {
            "trusted": true,
            "subject_name": "Microsoft Windows",
            "exists": true,
            "status": "trusted"
          }
        ],
        "relative_file_creation_time": 23915426.0375443,
        "load_index": 1,
        "relative_file_name_modify_time": 23915426.0375443
      },
      "path": """C:\Windows\System32\rdpudd.dll""",
      "code_signature": {
        "trusted": true,
        "subject_name": "Microsoft Windows",
        "exists": true,
        "status": "trusted"
      },
      "pe": {
        "file_version": "10.0.17763.2989 (WinBuild.160101.0800)",
        "imphash": "de255d138c2de1b7ac5f099957d5a045",
        "original_file_name": "RDPUDD.dll"
      },
      "name": "rdpudd.dll",
      "hash": {
        "sha1": "d1a29d90561d3f44d4763d6fcd7d511ddfab0bd6",
        "sha256": "03402d99391d7659ac8e866b8fcbf9fa3dfab9ec62c3cf1388fd55ab9ee18fd7",
        "md5": "d7b5610768d59c3fc22df49425b4e4dc"
      }
    },
    "data_stream": {
      "namespace": "default",
      "type": "logs",
      "dataset": "endpoint.events.library"
    },
    "elastic": {
      "agent": {
        "id": "b5780efb-e2e8-42f2-9221-b8e93f2db369"
      }
    },
    "host": {
      "hostname": "bhusa-windows-1",
      "os": {
        "Ext": {
          "variant": "Windows Server 2019 Datacenter"
        },
        "kernel": "1809 (10.0.17763.4131)",
        "name": "Windows",
        "family": "windows",
        "type": "windows",
        "version": "1809 (10.0.17763.4131)",
        "platform": "windows",
        "full": "Windows Server 2019 Datacenter 1809 (10.0.17763.4131)"
      },
      "ip": [
        "10.132.0.52",
        "fe80::304:88a9:6841:9f46",
        "127.0.0.1",
        "::1"
      ],
      "name": "bhusa-windows-1",
      "id": "2d12dd84-46b3-484f-98d5-bb139eecc978",
      "mac": [
        "42:01:0a:84:00:34"
      ],
      "architecture": "x86_64"
    },
    "event": {
      "agent_id_status": "verified",
      "sequence": 3074869,
      "ingested": "2023-03-19T22:23:54Z",
      "created": "2023-03-19T22:23:42.9900174Z",
      "kind": "event",
      "module": "endpoint",
      "action": "load",
      "id": "N/8INZBrx3elPseS++++vJ6L",
      "category": [
        "driver"
      ],
      "type": [
        "start"
      ],
      "dataset": "endpoint.events.library"
    },
    "message": "Endpoint driver load event",
    "user": {
      "domain": "NT AUTHORITY",
      "name": "SYSTEM",
      "id": "S-1-5-18"
    }
  }
}
	{
	"agent": {
	"id": "b5780efb-e2e8-42f2-9221-b8e93f2db369",
	"type": "endpoint",
	"version": "8.6.2"
	},
	"process": {
	"Ext": {
	"ancestry": [
	"YjU3ODBlZmItZTJlOC00MmYyLTkyMjEtYjhlOTNmMmRiMzY5LTAtMTY3ODkzOTIxOS4yNTI4MzAw"
	],
	"code_signature": []
	},
	"name": "System",
	"pid": 4,
	"entity_id": "YjU3ODBlZmItZTJlOC00MmYyLTkyMjEtYjhlOTNmMmRiMzY5LTQtMTY3ODkzOTIxOS4yNTI4MzAw"
	},
	"@timestamp": "2023-03-19T22:23:42.9900174Z",
	"ecs": {
	"version": "1.11.0"
	},
	"dll": {
	"Ext": {
	"code_signature": [
	{
	"trusted": true,
	"subject_name": "Microsoft Windows",
	"exists": true,
	"status": "trusted"
	}
	],
	"relative_file_creation_time": 23915426.0375443,
	"load_index": 1,
	"relative_file_name_modify_time": 23915426.0375443
	},
	"path": """C:\Windows\System32\rdpudd.dll""",
	"code_signature": {
	"trusted": true,
	"subject_name": "Microsoft Windows",
	"exists": true,
	"status": "trusted"
	},
	"pe": {
	"file_version": "10.0.17763.2989 (WinBuild.160101.0800)",
	"imphash": "de255d138c2de1b7ac5f099957d5a045",
	"original_file_name": "RDPUDD.dll"
	},
	"name": "rdpudd.dll",
	"hash": {
	"sha1": "d1a29d90561d3f44d4763d6fcd7d511ddfab0bd6",
	"sha256": "03402d99391d7659ac8e866b8fcbf9fa3dfab9ec62c3cf1388fd55ab9ee18fd7",
	"md5": "d7b5610768d59c3fc22df49425b4e4dc"
	}
	},
	"data_stream": {
	"namespace": "default",
	"type": "logs",
	"dataset": "endpoint.events.library"
	},
	"elastic": {
	"agent": {
	"id": "b5780efb-e2e8-42f2-9221-b8e93f2db369"
	}
	},
	"host": {
	"hostname": "bhusa-windows-1",
	"os": {
	"Ext": {
	"variant": "Windows Server 2019 Datacenter"
	},
	"kernel": "1809 (10.0.17763.4131)",
	"name": "Windows",
	"family": "windows",
	"type": "windows",
	"version": "1809 (10.0.17763.4131)",
	"platform": "windows",
	"full": "Windows Server 2019 Datacenter 1809 (10.0.17763.4131)"
	},
	"ip": [
	"10.132.0.52",
	"fe80::304:88a9:6841:9f46",
	"127.0.0.1",
	"::1"
	],
	"name": "bhusa-windows-1",
	"id": "2d12dd84-46b3-484f-98d5-bb139eecc978",
	"mac": [
	"42:01:0a:84:00:34"
	],
	"architecture": "x86_64"
	},
	"event": {
	"agent_id_status": "verified",
	"sequence": 3074869,
	"ingested": "2023-03-19T22:23:54Z",
	"created": "2023-03-19T22:23:42.9900174Z",
	"kind": "event",
	"module": "endpoint",
	"action": "load",
	"id": "N/8INZBrx3elPseS++++vJ6L",
	"category": [
	"driver"
	],
	"type": [
	"start"
	],
	"dataset": "endpoint.events.library"
	},
	"message": "Endpoint driver load event",
	"user": {
	"domain": "NT AUTHORITY",
	"name": "SYSTEM",
	"id": "S-1-5-18"
	}
	}
	}