diff --git a/Logs/windows.json b/Logs/windows.json
index 59925dd..4749683 100644
--- a/Logs/windows.json
+++ b/Logs/windows.json
@@ -1,3 +1,3 @@ -{"@timestamp":"2023-10-30T08:35:41.169Z","@metadata":{"beat":"winlogbeat","type":"_doc","version":"7.17.4"},"process":{"entity_id":"{515cfcb9-6add-653f-3099-000000004e00}","pid":32164,"executable":"C:\\Windows\\SysWOW64\\dllhost.exe","command_line":"\"C:\\Windows\\SysWOW64\\DllHost.exe\" /Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}","parent":{"entity_id":"{00000000-0000-0000-0000-000000000000}","pid":968,"executable":"-","command_line":"-","name":"-","args":["-"]},"pe":{"original_file_name":"dllhost.exe","company":"Microsoft Corporation","description":"COM Surrogate","file_version":"10.0.19041.546 (WinBuild.160101.0800)","product":"Microsoft® Windows® Operating System","imphash":"b6a6c5247efbd2610e3dea44649d7041"},"args":["C:\\Windows\\SysWOW64\\DllHost.exe","/Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}"],"hash":{"sha256":"3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7","md5":"6f3c9485f8f97ac04c8e43ef4463a68c"},"working_directory":"C:\\Windows\\system32\\","name":"dllhost.exe"},"user":{"id":"S-1-5-18","domain":"DESKTOP-R22JGEA","name":"hp"},"ecs":{"version":"1.12.0"},"message":"Process Create:\nRuleName: -\nUtcTime: 2023-10-30 08:35:41.169\nProcessGuid: {515cfcb9-6add-653f-3099-000000004e00}\nProcessId: 32164\nImage: C:\\Windows\\SysWOW64\\dllhost.exe\nFileVersion: 10.0.19041.546 (WinBuild.160101.0800)\nDescription: COM Surrogate\nProduct: Microsoft® Windows® Operating System\nCompany: Microsoft Corporation\nOriginalFileName: dllhost.exe\nCommandLine: \"C:\\Windows\\SysWOW64\\DllHost.exe\" /Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}\nCurrentDirectory: C:\\Windows\\system32\\\nUser: DESKTOP-R22JGEA\\hp\nLogonGuid: {515cfcb9-1571-652a-dcc2-030000000000}\nLogonId: 0x3C2DC\nTerminalSessionId: 1\nIntegrityLevel: Medium\nHashes: MD5=6F3C9485F8F97AC04C8E43EF4463A68C,SHA256=3ED69CAAB035258E008EFBCF40DB305891B40BA02CA2737E20DEFA7C2D4AFAF7,IMPHASH=B6A6C5247EFBD2610E3DEA44649D7041\nParentProcessGuid: 
{00000000-0000-0000-0000-000000000000}\nParentProcessId: 968\nParentImage: -\nParentCommandLine: -\nParentUser: -","host":{"architecture":"x86_64","name":"DESKTOP-R22JGEA","os":{"type":"windows","platform":"windows","version":"10.0","family":"windows","name":"Windows 10 Pro","kernel":"10.0.19041.3324 (WinBuild.160101.0800)","build":"19045.3324"},"id":"515cfcb9-6bc2-4928-8660-8498bfa8d3c0","ip":["fe80::ee9d:e9aa:1ab7:9167","169.254.22.149","fe80::a170:ca71:9f4:5cc8","169.254.105.43","fe80::da2e:c851:afd7:4052","169.254.242.62","fe80::4e93:f6c1:5f09:5ef","192.168.1.34","fe80::50bf:85b5:3486:21ee","169.254.16.215","fe80::a87d:543e:1bec:2019","169.254.249.40","fe80::8901:4461:59fe:171e","192.168.107.1","fe80::aa84:baa5:273e:9786","192.168.101.1"],"mac":["00:09:0f:fe:00:01","5e:08:50:95:ee:fd","a0:8c:fd:c0:21:09","00:ff:9b:fb:0e:60","00:50:56:c0:00:01","00:50:56:c0:00:08"],"hostname":"DESKTOP-R22JGEA"},"winlog":{"provider_guid":"{5770385f-c22a-43e0-bf4c-06f5698ffbd9}","version":5,"event_data":{"LogonGuid":"{515cfcb9-1571-652a-dcc2-030000000000}","Description":"COM Surrogate","Company":"Microsoft Corporation","ParentUser":"-","TerminalSessionId":"1","Product":"Microsoft® Windows® Operating System","FileVersion":"10.0.19041.546 (WinBuild.160101.0800)","LogonId":"0x3c2dc","IntegrityLevel":"Medium"},"channel":"Microsoft-Windows-Sysmon/Operational","task":"Process Create (rule: ProcessCreate)","event_id":"1","process":{"pid":50376,"thread":{"id":52612}},"computer_name":"DESKTOP-R22JGEA","api":"wineventlog","opcode":"Info","user":{"identifier":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM","type":"User"},"provider_name":"Microsoft-Windows-Sysmon","record_id":355307},"event":{"category":["process"],"created":"2023-10-30T08:35:50.718Z","code":"1","kind":"event","provider":"Microsoft-Windows-Sysmon","action":"Process Create (rule: 
ProcessCreate)","module":"sysmon","type":["start","process_start"]},"log":{"level":"information"},"agent":{"hostname":"DESKTOP-R22JGEA","ephemeral_id":"2bcb455a-41cb-423f-a406-80e7852eeb80","id":"8721693d-644b-4276-8365-0395cf531d90","name":"DESKTOP-R22JGEA","type":"winlogbeat","version":"7.17.4"},"related":{"hash":["6f3c9485f8f97ac04c8e43ef4463a68c","3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7","b6a6c5247efbd2610e3dea44649d7041"],"user":"hp"},"hash":{"md5":"6f3c9485f8f97ac04c8e43ef4463a68c","sha256":"3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7","imphash":"b6a6c5247efbd2610e3dea44649d7041"}} -{"@timestamp":"2023-10-30T08:35:42.439Z","@metadata":{"beat":"winlogbeat","type":"_doc","version":"7.17.4"},"agent":{"type":"winlogbeat","version":"7.17.4","hostname":"DESKTOP-R22JGEA","ephemeral_id":"2bcb455a-41cb-423f-a406-80e7852eeb80","id":"8721693d-644b-4276-8365-0395cf531d90","name":"DESKTOP-R22JGEA"},"winlog":{"user":{"type":"User","identifier":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM"},"channel":"Microsoft-Windows-Sysmon/Operational","event_data":{"ParentUser":"NT AUTHORITY\\SYSTEM","Company":"Microsoft Corporation","LogonGuid":"{515cfcb9-156e-652a-e703-000000000000}","LogonId":"0x3e7","FileVersion":"10.0.19041.1865 (WinBuild.160101.0800)","Description":"Consent UI for administrative applications","IntegrityLevel":"System","TerminalSessionId":"1","Product":"Microsoft® Windows® Operating System"},"task":"Process Create (rule: ProcessCreate)","opcode":"Info","provider_name":"Microsoft-Windows-Sysmon","computer_name":"DESKTOP-R22JGEA","api":"wineventlog","provider_guid":"{5770385f-c22a-43e0-bf4c-06f5698ffbd9}","version":5,"event_id":"1","record_id":355308,"process":{"pid":50376,"thread":{"id":52612}}},"event":{"action":"Process Create (rule: 
ProcessCreate)","created":"2023-10-30T08:35:50.718Z","code":"1","kind":"event","provider":"Microsoft-Windows-Sysmon","module":"sysmon","type":["start","process_start"],"category":["process"]},"log":{"level":"information"},"message":"Process Create:\nRuleName: -\nUtcTime: 2023-10-30 08:35:42.439\nProcessGuid: {515cfcb9-6ade-653f-3199-000000004e00}\nProcessId: 14208\nImage: C:\\Windows\\System32\\consent.exe\nFileVersion: 10.0.19041.1865 (WinBuild.160101.0800)\nDescription: Consent UI for administrative applications\nProduct: Microsoft® Windows® Operating System\nCompany: Microsoft Corporation\nOriginalFileName: consent.exe\nCommandLine: consent.exe 12088 272 0000021094E88890\nCurrentDirectory: C:\\Windows\\system32\\\nUser: NT AUTHORITY\\SYSTEM\nLogonGuid: {515cfcb9-156e-652a-e703-000000000000}\nLogonId: 0x3E7\nTerminalSessionId: 1\nIntegrityLevel: System\nHashes: MD5=DD5032EF160209E470E2612A8A3D5F59,SHA256=7FF00DE6D57E83E0A3D566935C7557F11F9B12270529582987FF14EE65502EA6,IMPHASH=7001337914CFB426620F508E54CDF72F\nParentProcessGuid: {515cfcb9-1589-652a-2b01-000000004e00}\nParentProcessId: 12088\nParentImage: C:\\Windows\\System32\\svchost.exe\nParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo\nParentUser: NT AUTHORITY\\SYSTEM","related":{"user":"SYSTEM","hash":["dd5032ef160209e470e2612a8a3d5f59","7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","7001337914cfb426620f508e54cdf72f"]},"hash":{"md5":"dd5032ef160209e470e2612a8a3d5f59","sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","imphash":"7001337914cfb426620f508e54cdf72f"},"host":{"mac":["00:09:0f:fe:00:01","5e:08:50:95:ee:fd","a0:8c:fd:c0:21:09","00:ff:9b:fb:0e:60","00:50:56:c0:00:01","00:50:56:c0:00:08"],"name":"DESKTOP-R22JGEA","hostname":"DESKTOP-R22JGEA","architecture":"x86_64","os":{"kernel":"10.0.19041.3324 (WinBuild.160101.0800)","build":"19045.3324","type":"windows","platform":"windows","version":"10.0","family":"windows","name":"Windows 
10 Pro"},"id":"515cfcb9-6bc2-4928-8660-8498bfa8d3c0","ip":["fe80::ee9d:e9aa:1ab7:9167","169.254.22.149","fe80::a170:ca71:9f4:5cc8","169.254.105.43","fe80::da2e:c851:afd7:4052","169.254.242.62","fe80::4e93:f6c1:5f09:5ef","192.168.1.34","fe80::50bf:85b5:3486:21ee","169.254.16.215","fe80::a87d:543e:1bec:2019","169.254.249.40","fe80::8901:4461:59fe:171e","192.168.107.1","fe80::aa84:baa5:273e:9786","192.168.101.1"]},"process":{"entity_id":"{515cfcb9-6ade-653f-3199-000000004e00}","executable":"C:\\Windows\\System32\\consent.exe","command_line":"consent.exe 12088 272 0000021094E88890","hash":{"sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","md5":"dd5032ef160209e470e2612a8a3d5f59"},"pid":14208,"working_directory":"C:\\Windows\\system32\\","parent":{"executable":"C:\\Windows\\System32\\svchost.exe","command_line":"C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo","name":"svchost.exe","args":["C:\\Windows\\system32\\svchost.exe","-k","netsvcs","-p","-s","Appinfo"],"entity_id":"{515cfcb9-1589-652a-2b01-000000004e00}","pid":12088},"pe":{"original_file_name":"consent.exe","company":"Microsoft Corporation","description":"Consent UI for administrative applications","file_version":"10.0.19041.1865 (WinBuild.160101.0800)","product":"Microsoft® Windows® Operating System","imphash":"7001337914cfb426620f508e54cdf72f"},"name":"consent.exe","args":["consent.exe","12088","272","0000021094E88890"]},"user":{"id":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM"},"ecs":{"version":"1.12.0"}} 
-{"@timestamp":"2023-10-30T08:35:46.811Z","@metadata":{"beat":"winlogbeat","type":"_doc","version":"7.17.4"},"host":{"ip":["fe80::ee9d:e9aa:1ab7:9167","169.254.22.149","fe80::a170:ca71:9f4:5cc8","169.254.105.43","fe80::da2e:c851:afd7:4052","169.254.242.62","fe80::4e93:f6c1:5f09:5ef","192.168.1.34","fe80::50bf:85b5:3486:21ee","169.254.16.215","fe80::a87d:543e:1bec:2019","169.254.249.40","fe80::8901:4461:59fe:171e","192.168.107.1","fe80::aa84:baa5:273e:9786","192.168.101.1"],"name":"DESKTOP-R22JGEA","mac":["00:09:0f:fe:00:01","5e:08:50:95:ee:fd","a0:8c:fd:c0:21:09","00:ff:9b:fb:0e:60","00:50:56:c0:00:01","00:50:56:c0:00:08"],"hostname":"DESKTOP-R22JGEA","architecture":"x86_64","os":{"platform":"windows","version":"10.0","family":"windows","name":"Windows 10 Pro","kernel":"10.0.19041.3324 (WinBuild.160101.0800)","build":"19045.3324","type":"windows"},"id":"515cfcb9-6bc2-4928-8660-8498bfa8d3c0"},"message":"Process Create:\nRuleName: -\nUtcTime: 2023-10-30 08:35:46.811\nProcessGuid: {515cfcb9-6ae2-653f-3399-000000004e00}\nProcessId: 53040\nImage: C:\\Windows\\System32\\consent.exe\nFileVersion: 10.0.19041.1865 (WinBuild.160101.0800)\nDescription: Consent UI for administrative applications\nProduct: Microsoft® Windows® Operating System\nCompany: Microsoft Corporation\nOriginalFileName: consent.exe\nCommandLine: consent.exe 12088 272 0000021094E88760\nCurrentDirectory: C:\\Windows\\system32\\\nUser: NT AUTHORITY\\SYSTEM\nLogonGuid: {515cfcb9-156e-652a-e703-000000000000}\nLogonId: 0x3E7\nTerminalSessionId: 1\nIntegrityLevel: System\nHashes: MD5=DD5032EF160209E470E2612A8A3D5F59,SHA256=7FF00DE6D57E83E0A3D566935C7557F11F9B12270529582987FF14EE65502EA6,IMPHASH=7001337914CFB426620F508E54CDF72F\nParentProcessGuid: {515cfcb9-1589-652a-2b01-000000004e00}\nParentProcessId: 12088\nParentImage: C:\\Windows\\System32\\svchost.exe\nParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo\nParentUser: NT 
AUTHORITY\\SYSTEM","process":{"parent":{"executable":"C:\\Windows\\System32\\svchost.exe","command_line":"C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo","name":"svchost.exe","args":["C:\\Windows\\system32\\svchost.exe","-k","netsvcs","-p","-s","Appinfo"],"entity_id":"{515cfcb9-1589-652a-2b01-000000004e00}","pid":12088},"pe":{"company":"Microsoft Corporation","description":"Consent UI for administrative applications","file_version":"10.0.19041.1865 (WinBuild.160101.0800)","product":"Microsoft® Windows® Operating System","imphash":"7001337914cfb426620f508e54cdf72f","original_file_name":"consent.exe"},"name":"consent.exe","pid":53040,"executable":"C:\\Windows\\System32\\consent.exe","working_directory":"C:\\Windows\\system32\\","hash":{"md5":"dd5032ef160209e470e2612a8a3d5f59","sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6"},"entity_id":"{515cfcb9-6ae2-653f-3399-000000004e00}","command_line":"consent.exe 12088 272 0000021094E88760","args":["consent.exe","12088","272","0000021094E88760"]},"related":{"user":"SYSTEM","hash":["dd5032ef160209e470e2612a8a3d5f59","7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","7001337914cfb426620f508e54cdf72f"]},"hash":{"md5":"dd5032ef160209e470e2612a8a3d5f59","sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","imphash":"7001337914cfb426620f508e54cdf72f"},"ecs":{"version":"1.12.0"},"agent":{"version":"7.17.4","hostname":"DESKTOP-R22JGEA","ephemeral_id":"2bcb455a-41cb-423f-a406-80e7852eeb80","id":"8721693d-644b-4276-8365-0395cf531d90","name":"DESKTOP-R22JGEA","type":"winlogbeat"},"winlog":{"computer_name":"DESKTOP-R22JGEA","event_data":{"LogonGuid":"{515cfcb9-156e-652a-e703-000000000000}","FileVersion":"10.0.19041.1865 (WinBuild.160101.0800)","IntegrityLevel":"System","ParentUser":"NT AUTHORITY\\SYSTEM","TerminalSessionId":"1","Company":"Microsoft Corporation","Product":"Microsoft® Windows® Operating System","Description":"Consent UI for administrative 
applications","LogonId":"0x3e7"},"event_id":"1","version":5,"api":"wineventlog","user":{"identifier":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM","type":"User"},"opcode":"Info","provider_guid":"{5770385f-c22a-43e0-bf4c-06f5698ffbd9}","channel":"Microsoft-Windows-Sysmon/Operational","record_id":355309,"task":"Process Create (rule: ProcessCreate)","process":{"pid":50376,"thread":{"id":52612}},"provider_name":"Microsoft-Windows-Sysmon"},"event":{"action":"Process Create (rule: ProcessCreate)","created":"2023-10-30T08:35:50.718Z","code":"1","module":"sysmon","type":["start","process_start"],"category":["process"],"kind":"event","provider":"Microsoft-Windows-Sysmon"},"log":{"level":"information"},"user":{"id":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM"}} \ No newline at end of file +{"test":"ttt","@timestamp":"2023-10-30T08:35:41.169Z","@metadata":{"beat":"winlogbeat","type":"_doc","version":"7.17.4"},"process":{"entity_id":"{515cfcb9-6add-653f-3099-000000004e00}","pid":32164,"executable":"C:\\Windows\\SysWOW64\\dllhost.exe","command_line":"\"C:\\Windows\\SysWOW64\\DllHost.exe\" /Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}","parent":{"entity_id":"{00000000-0000-0000-0000-000000000000}","pid":968,"executable":"-","command_line":"-","name":"-","args":["-"]},"pe":{"original_file_name":"dllhost.exe","company":"Microsoft Corporation","description":"COM Surrogate","file_version":"10.0.19041.546 (WinBuild.160101.0800)","product":"Microsoft® Windows® Operating System","imphash":"b6a6c5247efbd2610e3dea44649d7041"},"args":["C:\\Windows\\SysWOW64\\DllHost.exe","/Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}"],"hash":{"sha256":"3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7","md5":"6f3c9485f8f97ac04c8e43ef4463a68c"},"working_directory":"C:\\Windows\\system32\\","name":"dllhost.exe"},"user":{"id":"S-1-5-18","domain":"DESKTOP-R22JGEA","name":"hp"},"ecs":{"version":"1.12.0"},"message":"Process Create:\nRuleName: -\nUtcTime: 2023-10-30 
08:35:41.169\nProcessGuid: {515cfcb9-6add-653f-3099-000000004e00}\nProcessId: 32164\nImage: C:\\Windows\\SysWOW64\\dllhost.exe\nFileVersion: 10.0.19041.546 (WinBuild.160101.0800)\nDescription: COM Surrogate\nProduct: Microsoft® Windows® Operating System\nCompany: Microsoft Corporation\nOriginalFileName: dllhost.exe\nCommandLine: \"C:\\Windows\\SysWOW64\\DllHost.exe\" /Processid:{776DBC8D-7347-478C-8D71-791E12EF49D8}\nCurrentDirectory: C:\\Windows\\system32\\\nUser: DESKTOP-R22JGEA\\hp\nLogonGuid: {515cfcb9-1571-652a-dcc2-030000000000}\nLogonId: 0x3C2DC\nTerminalSessionId: 1\nIntegrityLevel: Medium\nHashes: MD5=6F3C9485F8F97AC04C8E43EF4463A68C,SHA256=3ED69CAAB035258E008EFBCF40DB305891B40BA02CA2737E20DEFA7C2D4AFAF7,IMPHASH=B6A6C5247EFBD2610E3DEA44649D7041\nParentProcessGuid: {00000000-0000-0000-0000-000000000000}\nParentProcessId: 968\nParentImage: -\nParentCommandLine: -\nParentUser: -","host":{"architecture":"x86_64","name":"DESKTOP-R22JGEA","os":{"type":"windows","platform":"windows","version":"10.0","family":"windows","name":"Windows 10 Pro","kernel":"10.0.19041.3324 (WinBuild.160101.0800)","build":"19045.3324"},"id":"515cfcb9-6bc2-4928-8660-8498bfa8d3c0","ip":["fe80::ee9d:e9aa:1ab7:9167","169.254.22.149","fe80::a170:ca71:9f4:5cc8","169.254.105.43","fe80::da2e:c851:afd7:4052","169.254.242.62","fe80::4e93:f6c1:5f09:5ef","192.168.1.34","fe80::50bf:85b5:3486:21ee","169.254.16.215","fe80::a87d:543e:1bec:2019","169.254.249.40","fe80::8901:4461:59fe:171e","192.168.107.1","fe80::aa84:baa5:273e:9786","192.168.101.1"],"mac":["00:09:0f:fe:00:01","5e:08:50:95:ee:fd","a0:8c:fd:c0:21:09","00:ff:9b:fb:0e:60","00:50:56:c0:00:01","00:50:56:c0:00:08"],"hostname":"DESKTOP-R22JGEA"},"winlog":{"provider_guid":"{5770385f-c22a-43e0-bf4c-06f5698ffbd9}","version":5,"event_data":{"LogonGuid":"{515cfcb9-1571-652a-dcc2-030000000000}","Description":"COM Surrogate","Company":"Microsoft Corporation","ParentUser":"-","TerminalSessionId":"1","Product":"Microsoft® Windows® Operating 
System","FileVersion":"10.0.19041.546 (WinBuild.160101.0800)","LogonId":"0x3c2dc","IntegrityLevel":"Medium"},"channel":"Microsoft-Windows-Sysmon/Operational","task":"Process Create (rule: ProcessCreate)","event_id":"1","process":{"pid":50376,"thread":{"id":52612}},"computer_name":"DESKTOP-R22JGEA","api":"wineventlog","opcode":"Info","user":{"identifier":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM","type":"User"},"provider_name":"Microsoft-Windows-Sysmon","record_id":355307},"event":{"category":["process"],"created":"2023-10-30T08:35:50.718Z","code":"1","kind":"event","provider":"Microsoft-Windows-Sysmon","action":"Process Create (rule: ProcessCreate)","module":"sysmon","type":["start","process_start"]},"log":{"level":"information"},"agent":{"hostname":"DESKTOP-R22JGEA","ephemeral_id":"2bcb455a-41cb-423f-a406-80e7852eeb80","id":"8721693d-644b-4276-8365-0395cf531d90","name":"DESKTOP-R22JGEA","type":"winlogbeat","version":"7.17.4"},"related":{"hash":["6f3c9485f8f97ac04c8e43ef4463a68c","3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7","b6a6c5247efbd2610e3dea44649d7041"],"user":"hp"},"hash":{"md5":"6f3c9485f8f97ac04c8e43ef4463a68c","sha256":"3ed69caab035258e008efbcf40db305891b40ba02ca2737e20defa7c2d4afaf7","imphash":"b6a6c5247efbd2610e3dea44649d7041"}} +{"test":"ttt","@timestamp":"2023-10-30T08:35:42.439Z","@metadata":{"beat":"winlogbeat","type":"_doc","version":"7.17.4"},"agent":{"type":"winlogbeat","version":"7.17.4","hostname":"DESKTOP-R22JGEA","ephemeral_id":"2bcb455a-41cb-423f-a406-80e7852eeb80","id":"8721693d-644b-4276-8365-0395cf531d90","name":"DESKTOP-R22JGEA"},"winlog":{"user":{"type":"User","identifier":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM"},"channel":"Microsoft-Windows-Sysmon/Operational","event_data":{"ParentUser":"NT AUTHORITY\\SYSTEM","Company":"Microsoft Corporation","LogonGuid":"{515cfcb9-156e-652a-e703-000000000000}","LogonId":"0x3e7","FileVersion":"10.0.19041.1865 (WinBuild.160101.0800)","Description":"Consent UI for 
administrative applications","IntegrityLevel":"System","TerminalSessionId":"1","Product":"Microsoft® Windows® Operating System"},"task":"Process Create (rule: ProcessCreate)","opcode":"Info","provider_name":"Microsoft-Windows-Sysmon","computer_name":"DESKTOP-R22JGEA","api":"wineventlog","provider_guid":"{5770385f-c22a-43e0-bf4c-06f5698ffbd9}","version":5,"event_id":"1","record_id":355308,"process":{"pid":50376,"thread":{"id":52612}}},"event":{"action":"Process Create (rule: ProcessCreate)","created":"2023-10-30T08:35:50.718Z","code":"1","kind":"event","provider":"Microsoft-Windows-Sysmon","module":"sysmon","type":["start","process_start"],"category":["process"]},"log":{"level":"information"},"message":"Process Create:\nRuleName: -\nUtcTime: 2023-10-30 08:35:42.439\nProcessGuid: {515cfcb9-6ade-653f-3199-000000004e00}\nProcessId: 14208\nImage: C:\\Windows\\System32\\consent.exe\nFileVersion: 10.0.19041.1865 (WinBuild.160101.0800)\nDescription: Consent UI for administrative applications\nProduct: Microsoft® Windows® Operating System\nCompany: Microsoft Corporation\nOriginalFileName: consent.exe\nCommandLine: consent.exe 12088 272 0000021094E88890\nCurrentDirectory: C:\\Windows\\system32\\\nUser: NT AUTHORITY\\SYSTEM\nLogonGuid: {515cfcb9-156e-652a-e703-000000000000}\nLogonId: 0x3E7\nTerminalSessionId: 1\nIntegrityLevel: System\nHashes: MD5=DD5032EF160209E470E2612A8A3D5F59,SHA256=7FF00DE6D57E83E0A3D566935C7557F11F9B12270529582987FF14EE65502EA6,IMPHASH=7001337914CFB426620F508E54CDF72F\nParentProcessGuid: {515cfcb9-1589-652a-2b01-000000004e00}\nParentProcessId: 12088\nParentImage: C:\\Windows\\System32\\svchost.exe\nParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo\nParentUser: NT 
AUTHORITY\\SYSTEM","related":{"user":"SYSTEM","hash":["dd5032ef160209e470e2612a8a3d5f59","7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","7001337914cfb426620f508e54cdf72f"]},"hash":{"md5":"dd5032ef160209e470e2612a8a3d5f59","sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","imphash":"7001337914cfb426620f508e54cdf72f"},"host":{"mac":["00:09:0f:fe:00:01","5e:08:50:95:ee:fd","a0:8c:fd:c0:21:09","00:ff:9b:fb:0e:60","00:50:56:c0:00:01","00:50:56:c0:00:08"],"name":"DESKTOP-R22JGEA","hostname":"DESKTOP-R22JGEA","architecture":"x86_64","os":{"kernel":"10.0.19041.3324 (WinBuild.160101.0800)","build":"19045.3324","type":"windows","platform":"windows","version":"10.0","family":"windows","name":"Windows 10 Pro"},"id":"515cfcb9-6bc2-4928-8660-8498bfa8d3c0","ip":["fe80::ee9d:e9aa:1ab7:9167","169.254.22.149","fe80::a170:ca71:9f4:5cc8","169.254.105.43","fe80::da2e:c851:afd7:4052","169.254.242.62","fe80::4e93:f6c1:5f09:5ef","192.168.1.34","fe80::50bf:85b5:3486:21ee","169.254.16.215","fe80::a87d:543e:1bec:2019","169.254.249.40","fe80::8901:4461:59fe:171e","192.168.107.1","fe80::aa84:baa5:273e:9786","192.168.101.1"]},"process":{"entity_id":"{515cfcb9-6ade-653f-3199-000000004e00}","executable":"C:\\Windows\\System32\\consent.exe","command_line":"consent.exe 12088 272 0000021094E88890","hash":{"sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","md5":"dd5032ef160209e470e2612a8a3d5f59"},"pid":14208,"working_directory":"C:\\Windows\\system32\\","parent":{"executable":"C:\\Windows\\System32\\svchost.exe","command_line":"C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo","name":"svchost.exe","args":["C:\\Windows\\system32\\svchost.exe","-k","netsvcs","-p","-s","Appinfo"],"entity_id":"{515cfcb9-1589-652a-2b01-000000004e00}","pid":12088},"pe":{"original_file_name":"consent.exe","company":"Microsoft Corporation","description":"Consent UI for administrative applications","file_version":"10.0.19041.1865 
(WinBuild.160101.0800)","product":"Microsoft® Windows® Operating System","imphash":"7001337914cfb426620f508e54cdf72f"},"name":"consent.exe","args":["consent.exe","12088","272","0000021094E88890"]},"user":{"id":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM"},"ecs":{"version":"1.12.0"}} +{"test":"ttt","@timestamp":"2023-10-30T08:35:46.811Z","@metadata":{"beat":"winlogbeat","type":"_doc","version":"7.17.4"},"host":{"ip":["fe80::ee9d:e9aa:1ab7:9167","169.254.22.149","fe80::a170:ca71:9f4:5cc8","169.254.105.43","fe80::da2e:c851:afd7:4052","169.254.242.62","fe80::4e93:f6c1:5f09:5ef","192.168.1.34","fe80::50bf:85b5:3486:21ee","169.254.16.215","fe80::a87d:543e:1bec:2019","169.254.249.40","fe80::8901:4461:59fe:171e","192.168.107.1","fe80::aa84:baa5:273e:9786","192.168.101.1"],"name":"DESKTOP-R22JGEA","mac":["00:09:0f:fe:00:01","5e:08:50:95:ee:fd","a0:8c:fd:c0:21:09","00:ff:9b:fb:0e:60","00:50:56:c0:00:01","00:50:56:c0:00:08"],"hostname":"DESKTOP-R22JGEA","architecture":"x86_64","os":{"platform":"windows","version":"10.0","family":"windows","name":"Windows 10 Pro","kernel":"10.0.19041.3324 (WinBuild.160101.0800)","build":"19045.3324","type":"windows"},"id":"515cfcb9-6bc2-4928-8660-8498bfa8d3c0"},"message":"Process Create:\nRuleName: -\nUtcTime: 2023-10-30 08:35:46.811\nProcessGuid: {515cfcb9-6ae2-653f-3399-000000004e00}\nProcessId: 53040\nImage: C:\\Windows\\System32\\consent.exe\nFileVersion: 10.0.19041.1865 (WinBuild.160101.0800)\nDescription: Consent UI for administrative applications\nProduct: Microsoft® Windows® Operating System\nCompany: Microsoft Corporation\nOriginalFileName: consent.exe\nCommandLine: consent.exe 12088 272 0000021094E88760\nCurrentDirectory: C:\\Windows\\system32\\\nUser: NT AUTHORITY\\SYSTEM\nLogonGuid: {515cfcb9-156e-652a-e703-000000000000}\nLogonId: 0x3E7\nTerminalSessionId: 1\nIntegrityLevel: System\nHashes: 
MD5=DD5032EF160209E470E2612A8A3D5F59,SHA256=7FF00DE6D57E83E0A3D566935C7557F11F9B12270529582987FF14EE65502EA6,IMPHASH=7001337914CFB426620F508E54CDF72F\nParentProcessGuid: {515cfcb9-1589-652a-2b01-000000004e00}\nParentProcessId: 12088\nParentImage: C:\\Windows\\System32\\svchost.exe\nParentCommandLine: C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo\nParentUser: NT AUTHORITY\\SYSTEM","process":{"parent":{"executable":"C:\\Windows\\System32\\svchost.exe","command_line":"C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Appinfo","name":"svchost.exe","args":["C:\\Windows\\system32\\svchost.exe","-k","netsvcs","-p","-s","Appinfo"],"entity_id":"{515cfcb9-1589-652a-2b01-000000004e00}","pid":12088},"pe":{"company":"Microsoft Corporation","description":"Consent UI for administrative applications","file_version":"10.0.19041.1865 (WinBuild.160101.0800)","product":"Microsoft® Windows® Operating System","imphash":"7001337914cfb426620f508e54cdf72f","original_file_name":"consent.exe"},"name":"consent.exe","pid":53040,"executable":"C:\\Windows\\System32\\consent.exe","working_directory":"C:\\Windows\\system32\\","hash":{"md5":"dd5032ef160209e470e2612a8a3d5f59","sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6"},"entity_id":"{515cfcb9-6ae2-653f-3399-000000004e00}","command_line":"consent.exe 12088 272 
0000021094E88760","args":["consent.exe","12088","272","0000021094E88760"]},"related":{"user":"SYSTEM","hash":["dd5032ef160209e470e2612a8a3d5f59","7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","7001337914cfb426620f508e54cdf72f"]},"hash":{"md5":"dd5032ef160209e470e2612a8a3d5f59","sha256":"7ff00de6d57e83e0a3d566935c7557f11f9b12270529582987ff14ee65502ea6","imphash":"7001337914cfb426620f508e54cdf72f"},"ecs":{"version":"1.12.0"},"agent":{"version":"7.17.4","hostname":"DESKTOP-R22JGEA","ephemeral_id":"2bcb455a-41cb-423f-a406-80e7852eeb80","id":"8721693d-644b-4276-8365-0395cf531d90","name":"DESKTOP-R22JGEA","type":"winlogbeat"},"winlog":{"computer_name":"DESKTOP-R22JGEA","event_data":{"LogonGuid":"{515cfcb9-156e-652a-e703-000000000000}","FileVersion":"10.0.19041.1865 (WinBuild.160101.0800)","IntegrityLevel":"System","ParentUser":"NT AUTHORITY\\SYSTEM","TerminalSessionId":"1","Company":"Microsoft Corporation","Product":"Microsoft® Windows® Operating System","Description":"Consent UI for administrative applications","LogonId":"0x3e7"},"event_id":"1","version":5,"api":"wineventlog","user":{"identifier":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM","type":"User"},"opcode":"Info","provider_guid":"{5770385f-c22a-43e0-bf4c-06f5698ffbd9}","channel":"Microsoft-Windows-Sysmon/Operational","record_id":355309,"task":"Process Create (rule: ProcessCreate)","process":{"pid":50376,"thread":{"id":52612}},"provider_name":"Microsoft-Windows-Sysmon"},"event":{"action":"Process Create (rule: ProcessCreate)","created":"2023-10-30T08:35:50.718Z","code":"1","module":"sysmon","type":["start","process_start"],"category":["process"],"kind":"event","provider":"Microsoft-Windows-Sysmon"},"log":{"level":"information"},"user":{"id":"S-1-5-18","domain":"NT AUTHORITY","name":"SYSTEM"}} \ No newline at end of file diff --git a/main.go b/main.go index 5a31b87..2a972f7 100644 --- a/main.go +++ b/main.go 
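Review bot: The three rewritten records still carry what look like identifiers from a real capture — the `DESKTOP-R22JGEA` hostname, the `hp` account, six MAC addresses, the host and agent GUIDs and the full per-interface IP list — and adding `"test":"ttt"` to each record is the only change the hunk makes. If this file is a committed sample or test fixture, those values would be better replaced with obviously synthetic ones (for example `"name":"EXAMPLE-HOST"`, `"mac":["00:00:00:00:00:01"]`) so the repository does not publish a machine fingerprint; the Sysmon process fields and hashes the consumer relies on can stay as they are. The key name `test` also says nothing about its purpose; presumably it stands in for the output the removed `-fields` option used to inject, in which case a descriptive key or a sentence in the commit message explaining what the consumer expects would make the fixture easier to maintain.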
@@ -25,19 +25,12 @@ type JsonLogs struct { } type LogsMap map[string]JsonLogs -type Field struct { - Key string - Val string -} var ( dest, sources *string ca, cert, key *string inifity *bool delay *int64 - overwriteDate *bool - fields *string - fieldsList []Field logsMap LogsMap = make(LogsMap) tlsConfig *tls.Config @@ -54,8 +47,6 @@ func main() { sources = flag.String("s", "", "sources") inifity = flag.Bool("i", false, "inifity mode") delay = flag.Int64("d", 0, "delay for each turn in inifity mode (miliseconds)") - overwriteDate = flag.Bool("overwrite-date", false, "overwrite date to now") - fields = flag.String("fields", "", "add field to log") ca = flag.String("ca", "", "ca certificate") cert = flag.String("cert", "", "cert certificate") key = flag.String("key", "", "key certificate") @@ -67,16 +58,6 @@ func main() { if *sources != "" { incs = strings.Split(*sources, ",") } - if *fields != "" { - fl := strings.Split(*fields, ",") - for _, f := range fl { - kv := strings.Split(f, "=") - fieldsList = append(fieldsList, Field{ - Key: kv[0], - Val: kv[1], - }) - } - } tlsConfig, err = tls_config.LoadTLSCredentials(tls_config.Config{ CAPath: *ca, @@ -163,26 +144,6 @@ func sendBeatsLogs(ip string, mylog JsonLogs) { } -func addFields(m interface{}, fields []Field) interface{} { - if len(fields) == 0 { - return m - } - - if _, ok := m.(map[string]interface{})["fields"]; !ok { - m.(map[string]interface{})["fields"] = map[string]interface{}{} - } - - a, ok := m.(map[string]interface{})["fields"].(map[string]interface{}) - if !ok { - log.Fatal("failed to parse fields struct") - } - for _, f := range fields { - a[f.Key] = f.Val - } - - return a -} - func sendSyslogLogs(ip string, mylog JsonLogs) { var conn net.Conn var err error