Renamed ProcessName field to Image for the process_creation category.

rules/linux/macos_binary_padding.yml

@@ -13,12 +13,12 @@ logsource:
     category: process_creation
 detection:
     selection1:
-        ProcessName|endswith:
+        Image|endswith:
              - '/truncate'
         CommandLine|contains:
              - '-s'
     selection2:
-        ProcessName|endswith:
+        Image|endswith:
              - '/dd'
         CommandLine|contains:
              - 'if='