9.1.0

What's Changed

• Add process fields to custom documentation for security events by @ricardo-estc in #596
• Change the size of region_start_bytes + add the field to the alert data stream by @AsuNa-jp in #591
• update macos process events to include parent.command_line by @brian-mckinney in #602
• Add zone_identifier field to Process/DLL events by @AsuNa-jp in #608
• Update the copyright year by @AsuNa-jp in #611
• Add origin_url and origin_referrer_url field to Process/DLL events by @AsuNa-jp in #610
• AMSI API changes for behavior rule alerts - process.Ext.api.parameters.content_name by @magermark in #609
• Add metrics queues custom docs by @bjmcnic in #615
• Fix Windows behavior alert custom doc by @gabriellandau in #614
• Add process.command_line to some windows file events by @gabriellandau in #616
• Actions log spaces by @pzl in #622
• Add event.provider to API events by @gabriellandau in #631
• global artifacts manifest_type by @intxgo in #632
• global artifacts manifest_type, fix custom documentation by @intxgo in #635
• Add custom documentation entries for LDAP/HTTP ETW telemetry by @matthewh-elastic in #636
• Add fields for additional desktop_name process event field by @matthewh-elastic in #634
• Add new policy fields for firewall_anti_tamper plugin by @matthewh-elastic in #637
• [8.19/9.1] Add new fields for security events by @AsuNa-jp in #640
• [8.19/9.1]Add Winlog fields for the ETW security events by @AsuNa-jp in #633
• Add tags to action request documents by @pzl in #642
• add mapping for united.agent.namespaces by @joeypoon in #641
• Update custom documentation for security events by @AsuNa-jp in #643
• Add TCC modify event on macOS by @ricardo-estc in #638
• Add missing custom documentation fields to logoff security events by @AsuNa-jp in #645
• Add custom documentation fields for pipe_events by @calladoum-elastic in #644

New Contributors

• @bjmcnic made their first contribution in #615
• @matthewh-elastic made their first contribution in #636

Full Changelog: v9.0.0...v9.1.0