Path	Lines of Code
LICENSE.txt	191
NOTICE.txt	4
README.md	100
custom_documentation/doc/endpoint/README.md	9
custom_documentation/doc/endpoint/alerts/linux/linux_malicious_behavior_alert.md	112
custom_documentation/doc/endpoint/alerts/linux/linux_malware_alert.md	223
custom_documentation/doc/endpoint/alerts/linux/linux_memory_threat_alert.md	197
custom_documentation/doc/endpoint/alerts/macos/macos_malicious_behavior_alert.md	99
custom_documentation/doc/endpoint/alerts/macos/macos_malware_alert.md	141
custom_documentation/doc/endpoint/alerts/macos/macos_memory_threat_alert.md	121
custom_documentation/doc/endpoint/alerts/windows/windows_malicious_behavior_alert.md	109
custom_documentation/doc/endpoint/alerts/windows/windows_malware_alert.md	196
custom_documentation/doc/endpoint/alerts/windows/windows_memory_threat_alert.md	137
custom_documentation/doc/endpoint/alerts/windows/windows_ransomware_alert.md	166
custom_documentation/doc/endpoint/alerts/windows/windows_shellcode_thread.md	253
custom_documentation/doc/endpoint/api/windows/windows_api_amsi.md	69
custom_documentation/doc/endpoint/api/windows/windows_api_asm.md	72
custom_documentation/doc/endpoint/api/windows/windows_api_credential_access.md	69
custom_documentation/doc/endpoint/api/windows/windows_api_kernel_audit.md	64
custom_documentation/doc/endpoint/api/windows/windows_api_tcpip.md	68
custom_documentation/doc/endpoint/api/windows/windows_api_threat_intelligence.md	108
custom_documentation/doc/endpoint/api/windows/windows_api_win32k.md	90
custom_documentation/doc/endpoint/api/windows/windows_api_wmi.md	79
custom_documentation/doc/endpoint/file/linux/linux_file_create.md	64
custom_documentation/doc/endpoint/file/linux/linux_file_delete.md	63
custom_documentation/doc/endpoint/file/linux/linux_file_endpoint_unquarantine.md	47
custom_documentation/doc/endpoint/file/linux/linux_file_rename.md	67
custom_documentation/doc/endpoint/file/macos/macos_file_access.md	56
custom_documentation/doc/endpoint/file/macos/macos_file_delete.md	71
custom_documentation/doc/endpoint/file/macos/macos_file_endpoint_unquarantine.md	47
custom_documentation/doc/endpoint/file/macos/macos_file_extended_attributes_delete.md	71
custom_documentation/doc/endpoint/file/macos/macos_file_launch_daemon.md	69
custom_documentation/doc/endpoint/file/macos/macos_file_modification.md	73
custom_documentation/doc/endpoint/file/macos/macos_file_mount.md	68
custom_documentation/doc/endpoint/file/macos/macos_file_rename.md	74
custom_documentation/doc/endpoint/file/windows/windows_file_create.md	75
custom_documentation/doc/endpoint/file/windows/windows_file_delete.md	70
custom_documentation/doc/endpoint/file/windows/windows_file_endpoint_unquarantine.md	47
custom_documentation/doc/endpoint/file/windows/windows_file_modification.md	72
custom_documentation/doc/endpoint/file/windows/windows_file_open.md	72
custom_documentation/doc/endpoint/file/windows/windows_file_overwrite.md	72
custom_documentation/doc/endpoint/file/windows/windows_file_rename.md	75
custom_documentation/doc/endpoint/library/macos/macos_library_load.md	74
custom_documentation/doc/endpoint/library/windows/windows_library_load.md	83
custom_documentation/doc/endpoint/metadata/metadata.md	51
custom_documentation/doc/endpoint/metrics/metrics.md	196
custom_documentation/doc/endpoint/network/linux/linux_network_attempted_accepted_and_disconnect.md	75
custom_documentation/doc/endpoint/network/linux/linux_network_dns_lookup_result.md	58
custom_documentation/doc/endpoint/network/macos/macos_network_connection_attempted_and_disconnect.md	73
custom_documentation/doc/endpoint/network/macos/macos_network_dns_lookup_result.md	76
custom_documentation/doc/endpoint/network/windows/windows_network_attempted_accepted_and_disconnect.md	69
custom_documentation/doc/endpoint/network/windows/windows_network_dns_lookup_requested.md	63
custom_documentation/doc/endpoint/network/windows/windows_network_dns_lookup_result.md	64
custom_documentation/doc/endpoint/policy/policy_response.md	92
custom_documentation/doc/endpoint/process/linux/linux_process_already_running.md	193
custom_documentation/doc/endpoint/process/linux/linux_process_fork_exec_exit.md	197
custom_documentation/doc/endpoint/process/linux/linux_process_gid_change.md	195
custom_documentation/doc/endpoint/process/linux/linux_process_memfd_create.md	199
custom_documentation/doc/endpoint/process/linux/linux_process_ptrace.md	195
custom_documentation/doc/endpoint/process/linux/linux_process_session_id_change.md	191
custom_documentation/doc/endpoint/process/linux/linux_process_shmget.md	195
custom_documentation/doc/endpoint/process/linux/linux_process_text_output.md	197
custom_documentation/doc/endpoint/process/linux/linux_process_uid_change.md	196
custom_documentation/doc/endpoint/process/macos/macos_process_already_running.md	73
custom_documentation/doc/endpoint/process/macos/macos_process_fork_exec_exit.md	91
custom_documentation/doc/endpoint/process/macos/macos_process_remote_thread.md	86
custom_documentation/doc/endpoint/process/windows/windows_process_already_running.md	100
custom_documentation/doc/endpoint/process/windows/windows_process_create_and_exit.md	125
custom_documentation/doc/endpoint/registry/windows/windows_registry_modification.md	68
custom_documentation/doc/endpoint/registry/windows/windows_registry_query.md	66
custom_documentation/doc/endpoint/security/macos/macos_security_gatekeeper_override.md	72
custom_documentation/doc/endpoint/security/macos/macos_security_log_on.md	69
custom_documentation/doc/endpoint/security/macos/macos_security_rdp_log_on.md	69
custom_documentation/doc/endpoint/security/macos/macos_security_ssh_log_on.md	69
custom_documentation/doc/endpoint/security/windows/windows_security_log_off.md	64
custom_documentation/doc/endpoint/security/windows/windows_security_log_on.md	67
custom_documentation/doc/endpoint/volume_device/windows/windows_volume_device_mount.md	65
custom_documentation/doc/endpoint/volume_device/windows/windows_volume_device_unmount.md	56
custom_schemas/README.md	106
custom_subsets/README.md	37
go.mod	148
package/endpoint/data_stream/action_responses/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/action_responses/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/action_responses/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/action_responses/sample_event.json	24
package/endpoint/data_stream/actions/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/actions/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/actions/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/actions/sample_event.json	40
package/endpoint/data_stream/alerts/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/alerts/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/alerts/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/alerts/sample_event.json	657
package/endpoint/data_stream/api/_dev/test-ingest-timestamp.json	5
package/endpoint/data_stream/api/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/api/sample_event.json	302
package/endpoint/data_stream/collection/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/collection/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/collection/elasticsearch/ilm/diagnostic.json	22
package/endpoint/data_stream/collection/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/file/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/file/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/file/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/file/sample_event.json	154
package/endpoint/data_stream/heartbeat/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/heartbeat/sample_event.json	16
package/endpoint/data_stream/library/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/library/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/library/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/library/sample_event.json	157
package/endpoint/data_stream/metadata/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/metadata/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/metadata/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/metadata/sample_event.json	87
package/endpoint/data_stream/metrics/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/metrics/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/metrics/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/metrics/sample_event.json	1099
package/endpoint/data_stream/network/_dev/test/pipeline/test-dns.json	52
package/endpoint/data_stream/network/_dev/test/pipeline/test-dns.json-expected.json	116
package/endpoint/data_stream/network/_dev/test/pipeline/test-geo.json	12
package/endpoint/data_stream/network/_dev/test/pipeline/test-geo.json-expected.json	48
package/endpoint/data_stream/network/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/network/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/network/sample_event.json	156
package/endpoint/data_stream/policy/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/policy/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/policy/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/policy/sample_event.json	615
package/endpoint/data_stream/process/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/process/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/process/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/process/sample_event.json	259
package/endpoint/data_stream/registry/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/registry/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/registry/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/registry/sample_event.json	124
package/endpoint/data_stream/security/_dev/test/pipeline/test-ingest-timestamp.json	5
package/endpoint/data_stream/security/_dev/test/pipeline/test-ingest-timestamp.json-expected.json	9
package/endpoint/data_stream/security/elasticsearch/ingest_pipeline/default.json	12
package/endpoint/data_stream/security/sample_event.json	130
package/endpoint/elasticsearch/index_template/metrics-metadata-current.json	310
package/endpoint/elasticsearch/index_template/metrics-metadata-united.json	552
package/endpoint/elasticsearch/transform/metadata_current/default.json	32
package/endpoint/elasticsearch/transform/metadata_united/default.json	41
package/endpoint/img/security-logo-color-64px.svg	14
schemas/README.md	6
schemas/examples/v1/api_event_virtualprotect_windows.json	179
schemas/examples/v1/dns_lookup_failure_windows.json	95
schemas/examples/v1/dns_request_windows.json	96
schemas/examples/v1/driver_loaded_linux.json	82
schemas/examples/v1/driver_loaded_windows.json	78
schemas/examples/v1/file_modified_linux.json	99
schemas/examples/v1/file_modified_windows.json	80
schemas/examples/v1/library_loaded_linux.json	82
schemas/examples/v1/library_loaded_windows.json	79
schemas/examples/v1/malware_alert.json	573
schemas/examples/v1/metadata.json	37
schemas/examples/v1/network_http_request_windows.json	92
schemas/examples/v1/network_http_response_windows.json	94
schemas/examples/v1/network_inbound_connection_accepted_windows.json	84
schemas/examples/v1/network_inbound_connection_attempt_windows.json	84
schemas/examples/v1/network_inbound_disconnect_windows.json	83
schemas/examples/v1/network_inbound_reconnection_attempt_windows.json	84
schemas/examples/v1/network_outbound_connection_accepted_windows.json	84
schemas/examples/v1/network_outbound_connection_attempt_windows.json	84
schemas/examples/v1/network_outbound_disconnect_windows.json	83
schemas/examples/v1/network_outbound_reconnection_attempt_windows.json	84
schemas/examples/v1/process_already_running_windows.json	96
schemas/examples/v1/process_created_linux.json	97
schemas/examples/v1/process_created_windows.json	95
schemas/examples/v1/process_terminated_windows.json	96
schemas/examples/v1/process_uid_changed_linux.json	97
schemas/examples/v1/registry_creation.json	69
schemas/examples/v1/registry_deletion.json	69
schemas/examples/v1/registry_modification.json	69
scripts/event_schema_generator/README.md	24
scripts/generate-docs/README.md	13
scripts/go-tools/README.md	4
scripts/requirements.txt	7
scripts/saved_object_decoder/README.md	8