Merge PR #5842 from @swachchhanda000 - chore: update thor.yml with missing file_change category

chore: update thor.yml with missing file_change category
2026-01-29 14:10:27 +05:45
parent 3d8c650ba2
commit a4ddc7a414
4 changed files with 69 additions and 43 deletions
@@ -25,6 +25,14 @@ logsources:
        fieldmappings:
            Image: NewProcessName
            ParentImage: ParentProcessName
+    file_change:
+        category: file_change
+        product: windows
+        conditions:
+            EventID: 2
+        rewrite:
+            product: windows
+            service: sysmon
    network_connection:
        category: network_connection
        product: windows