Winlogbeats Windows object name GUID translation

[synikitin]

Hi,

I know translation of SIDs got added. Is there any plan to add GUID translations? Tying this back to https://discuss.elastic.co/t/winlogbeat-displaying-guid-in-windows-events-instead-of-object-name/71442.

It seems possible given Splunk's universal forwarded has an option for this https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104021.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[bondbig]

Any news on this one? This is quite embarrassing, really

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[botelastic]

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

[willemdh]

This would be very useful imho. Sorry to see its closed

[botelastic]

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

[elasticmachine]

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

[marc-gr]

A new processor has been added to allow translation of ldap attributes (GUIDs included) https://www.elastic.co/guide/en/beats/filebeat/8.17/processor-translate-guid.html