diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml
index a5aaac023..da857d686 100644
--- a/tools/config/generic/sysmon.yml
+++ b/tools/config/generic/sysmon.yml
@@ -143,7 +143,9 @@ logsources:
 category: file_delete
 product: windows
 conditions:
- EventID: 23
+ EventID:
+ - 23
+ - 26
 rewrite:
 product: windows
 service: sysmon
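Review bot: The new `EventID` list combines two Sysmon events with different semantics without saying so: 23 is FileDelete (the deleted file is archived by Sysmon) and 26 is FileDeleteDetected (the deletion is logged only), and which of the two an endpoint emits depends on how its Sysmon rule groups are configured. A short comment above the list would spare the next reader a lookup, e.g. `# 23 = FileDelete (archived copy kept), 26 = FileDeleteDetected (log only) — both map to the file_delete category`. If any rule in this category relies on the `Archived` field, note that, as far as I recall, only event 23 carries it, so such a rule would silently not match the 26 variant. The logsource entry this hunk belongs to starts above the hunk (only its `category`/`product`/`conditions`/`rewrite` keys are visible), so the enclosing key name cannot be checked here.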