From 87a0bed0ecb2ffafff6422ff7dba2ffb85fcbc41 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sat, 5 Mar 2022 11:35:49 +0100
Subject: [PATCH] Add missing WinEventLog prefix
---
 tools/config/splunk-windows.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/config/splunk-windows.yml b/tools/config/splunk-windows.yml
index d97c89690..32844030b 100644
--- a/tools/config/splunk-windows.yml
+++ b/tools/config/splunk-windows.yml
@@ -111,7 +111,7 @@ logsources:
 product: windows
 service: codeintegrity-operational
 conditions:
- source: 'Microsoft-Windows-CodeIntegrity/Operational'
+ source: 'WinEventLog:Microsoft-Windows-CodeIntegrity/Operational'
 windows-smbclient-security:
 product: windows
 service: smbclient-security
@@ -126,11 +126,11 @@ logsources:
 product: windows
 service: firewall-as
 conditions:
- source: 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
+ source: 'WinEventLog:Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
 windows-bits-client:
 product: windows
 service: bits-client
 conditions:
- source: 'Microsoft-Windows-Bits-Client/Operational'
+ source: 'WinEventLog:Microsoft-Windows-Bits-Client/Operational'
 fieldmappings:
 EventID: EventCode
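Review bot: The new `source` values in the codeintegrity-operational mapping (and in the firewall-as and bits-client mappings in the second hunk) hard-code the `WinEventLog:` prefix, which matches only inputs collected in classic format. Where the Splunk input renders events as XML the source is normally `XmlWinEventLog:<channel>`, so rules converted with this config would return no results there and raise no error, leaving a silent detection gap. I would document the assumption above the first mapping, e.g. `# source values assume classic WinEventLog inputs; XML-rendered inputs use the XmlWinEventLog: prefix`. The conditions of `windows-smbclient-security` fall between the two hunks and are not visible here, so it is worth confirming that entry carries the same prefix.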