From 84b181d170bac2155e0ad73fdcbc3c70e4ea33ce Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Thu, 8 Jul 2021 08:55:33 +0200
Subject: [PATCH] Revert "feat: OriginalFileName mapping in MDATP ImageLoad events"

This reverts commit cdc434cfc485bfd7b0cfafbc7df7347c67d5eec1.
---
 tools/sigma/backends/mdatp.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py
index b9e1b82d9..eb535835a 100644
--- a/tools/sigma/backends/mdatp.py
+++ b/tools/sigma/backends/mdatp.py
@@ -160,7 +160,6 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend):
 "DeviceName": (self.id_mapping, self.default_value_mapping),
 "EventType": ("ActionType", self.default_value_mapping),
 "FileName": (self.id_mapping, self.default_value_mapping),
- "OriginalFileName": ("OriginalFileName", self.default_value_mapping),
 "Image": ("InitiatingProcessFolderPath", self.default_value_mapping),
 "ImageLoaded": ("FolderPath", self.default_value_mapping),
 "ParentCommandLine": ("InitiatingProcessCommandLine", self.default_value_mapping),