Skip to content

Commit

Permalink
Merge pull request #240 from randomaccess3/master
Browse files Browse the repository at this point in the history 
add image to executableinfo
  • Loading branch information
@EricZimmerman
EricZimmerman authored Sep 5, 2024
2 parents 7497eaa + 40a9532 commit 1029228
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions evtx/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_3.map
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,13 @@ Maps:
-
Name: User
Value: "/Event/EventData/Data[@Name=\"User\"]"
-
Property: ExecutableInfo
PropertyValue: "%Image%"
Values:
-
Name: Image
Value: "/Event/EventData/Data[@Name=\"Image\"]"

# Documentation:
# https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon#events
Expand Down

0 comments on commit 1029228

Please sign in to comment.