From 3fdaf8b9f1f68411b95dea7127c5c2c59103d0c0 Mon Sep 17 00:00:00 2001
From: Maxime Lamothe-Brassard
Date: Fri, 27 May 2022 11:01:22 -0700
Subject: [PATCH] Support alternate case for OriginalFileName.
---
 tools/sigma/backends/limacharlie.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tools/sigma/backends/limacharlie.py b/tools/sigma/backends/limacharlie.py
index 3d396ab9b..a16da3384 100644
--- a/tools/sigma/backends/limacharlie.py
+++ b/tools/sigma/backends/limacharlie.py
@@ -126,6 +126,7 @@ _allFieldMappings = {
 "ParentCommandLine": "event/PARENT/COMMAND_LINE",
 "User": "event/USER_NAME",
 "OriginalFileName": "event/ORIGINAL_FILE_NAME",
+ "OriginalFilename": "event/ORIGINAL_FILE_NAME",
 # Custom field names coming from somewhere unknown.
 "NewProcessName": "event/FILE_PATH",
 "ProcessCommandLine": "event/COMMAND_LINE",
@@ -237,6 +238,7 @@ _allFieldMappings = {
 "ParentCommandLine": "event/PARENT/COMMAND_LINE",
 "User": "event/USER_NAME",
 "OriginalFileName": "event/ORIGINAL_FILE_NAME",
+ "OriginalFilename": "event/ORIGINAL_FILE_NAME",
 # Custom field names coming from somewhere unknown.
 "NewProcessName": "event/FILE_PATH",
 "ProcessCommandLine": "event/COMMAND_LINE",
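Review bot: The new `"OriginalFilename"` key, added identically in both hunks (near lines 129 and 241), covers only one extra casing, so any other spelling of the field in a rule would still miss the mapping table. Rules keyed on this field are typically the ones that catch renamed binaries, so a missed mapping is a detection-coverage gap; how the backend treats an unmapped field is not visible here and should be confirmed. If the lookup code outside these hunks allows it, resolving field names case-insensitively would remove the need for per-variant entries in each table. At minimum, the new entries deserve a comment such as `# Some Sigma rules spell this field "OriginalFilename"; keep both casings mapped.` so the duplicate is not later removed as a typo. Both mapping tables start and end outside the hunks.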