From 424b0263dfb426c853d258c8c2fd3d4c95a100b3 Mon Sep 17 00:00:00 2001
From: frack113
Date: Wed, 29 Sep 2021 08:53:22 +0200
Subject: [PATCH] add EventID 26
---
 tools/config/generic/sysmon.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml
index a5aaac023..da857d686 100644
--- a/tools/config/generic/sysmon.yml
+++ b/tools/config/generic/sysmon.yml
@@ -143,7 +143,9 @@ logsources:
 category: file_delete
 product: windows
 conditions:
- EventID: 23
+ EventID:
+ - 23
+ - 26
 rewrite:
 product: windows
 service: sysmon
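Review bot: The new `EventID` list under `conditions:` carries no comment explaining why two Sysmon IDs now map to the `file_delete` category, so a reader has to know that 23 is FileDelete (the deleted file is archived) and 26 is FileDeleteDetected (the deletion is logged without archiving). I would add `# 23 = FileDelete (archived), 26 = FileDeleteDetected (logged only)` directly above the list. As far as I know event 26 does not carry the `Archived` field that event 23 has, so any `file_delete` rule selecting on that field would keep matching only event 23; existing rules are worth checking for it. The enclosing logsource entry starts above the hunk, and any other backend mapping that pins `EventID: 23` for this category would presumably need the same change.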