From 316aa03efdedb1e103f489f8358f7febc4fd2e3f Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Fri, 23 Dec 2022 20:59:40 +0100
Subject: [PATCH] Update hawk.yml
---
 tools/config/hawk.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/config/hawk.yml b/tools/config/hawk.yml
index a843a4fda..27ebcc03c 100644
--- a/tools/config/hawk.yml
+++ b/tools/config/hawk.yml
@@ -171,7 +171,7 @@ logsources:
 category: file_change
 conditions:
 product_name: "Sysmon"
- vendor_id: "11"
+ vendor_id: "2"
 windows-pipe-created:
 product: windows
 category: pipe_created
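Review bot: The `vendor_id: "2"` condition under the `file_change` logsource is an unexplained magic number, and the previous `"11"` shows how easily it gets confused with a neighbouring mapping. Assuming `vendor_id` carries the Sysmon event ID here, 2 is the "file creation time changed" event and 11 is FileCreate, so the old value would have evaluated file_change rules (typically timestomping detections) against file-creation events. I would add a comment above the condition, e.g. `# Sysmon Event ID 2 (FileCreateTime: file creation time changed)`, and use a commit subject that names the mapping fix rather than "Update hawk.yml". The `logsources` mapping starts and ends outside this hunk, so it is worth confirming that no other category carries a copied event ID in the same way.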