From ad899899abc70f5672751259e96b2ded403a3c2b Mon Sep 17 00:00:00 2001
From: findthebad <findthebad@simplenetworks.ca>
Date: Thu, 26 Nov 2020 14:48:14 -0500
Subject: [PATCH] Updated winlogbeat.yml config to include OriginalFileName

---
 tools/config/winlogbeat.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml
index 4b13103dd..4f2b45371 100644
--- a/tools/config/winlogbeat.yml
+++ b/tools/config/winlogbeat.yml
@@ -112,6 +112,7 @@ fieldmappings:
   ObjectName: winlog.event_data.ObjectName
   ObjectType: winlog.event_data.ObjectType
   ObjectValueName: winlog.event_data.ObjectValueName
+  OriginalFileName: winlog.event_data.OriginalFileName
   ParentCommandLine: winlog.event_data.ParentCommandLine
   ParentProcessName: winlog.event_data.ParentProcessName
   ParentImage: winlog.event_data.ParentImage