
Commit

add image to executableinfo
randomaccess3 authored Sep 5, 2024
1 parent 43d28b1 commit e4cc937
Showing 1 changed file with 8 additions and 1 deletion.
Expand Up @@ -57,6 +57,13 @@ Maps:
-
Name: User
Value: "/Event/EventData/Data[@Name=\"User\"]"
-
Property: ExecutableInfo
PropertyValue: "%Image%"
Values:
-
Name: Image
Value: "/Event/EventData/Data[@Name=\"Image\"]"

# Documentation:

Check warning on line 68 in evtx/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_3.map


GitHub Actions / lintAllTheThings

68:1 [comments-indentation] comment not indented like content
# https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon#events
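
Review bot: The yamllint warning at 68:1 ([comments-indentation]) sits on the `# Documentation:` context line directly below the new `Image` value, so the comment is now flagged as not indented like the content around it. Either indent the comment block to match the surrounding content or confirm the warning predates this change and relax the rule for the documentation section, so the lint output stays clean for this map. The added `ExecutableInfo` entry itself follows the same quoting and XPath form as the `User` value above it (`"/Event/EventData/Data[@Name=\"Image\"]"`); a short note in the commit message on why `%Image%` alone is used for `ExecutableInfo` in this event would help the next reviewer.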
Expand Down Expand Up @@ -104,4 +111,4 @@ Maps:
# <Data Name="DestinationPort">49304</Data>
# <Data Name="DestinationPortName"></Data>
# </EventData>
# </Event>
# </Event>
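
Review bot: The final `# </Event>` line is rewritten with no visible text change, and the lint failure at 114:11 ([new-line-at-end-of-file]) shows the new version of the file ends without a terminating newline. Add the newline after the last `# </Event>` so the check passes, and drop this hunk from the commit if the end-of-file change was unintentional, since it is unrelated to adding `Image` to `ExecutableInfo`.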

Check failure on line 114 in evtx/Maps/Microsoft-Windows-Sysmon-Operational_Microsoft-Windows-Sysmon_3.map


GitHub Actions / lintAllTheThings

114:11 [new-line-at-end-of-file] no new line character at the end of file

0 comments on commit e4cc937
