Merge pull request #2153 from frack113/fix_yml

fix tools/config/splunk-windows.yml
2021-10-17 07:14:53 +01:00
parent 76c02a14b2 7fc6532665
commit ca4e32c00f
1 changed files with 1 additions and 1 deletions
@@ -32,7 +32,7 @@ logsources:
    # Optimized search for process creation, being dramatically faster in Lispy than just EventCode=1 search, as 'ParentProcessGuid' is more unique than '1' in the raw data.
    # This also supports custom splunk macros, just like they are written in splunk (i.e. as `macro`), minding that it has to be written inside the string quotes here.
    search: 'ParentProcessGuid EventCode=1'
-  windows-process-creation:
+  windows-file-creation:
    product: windows
    service: sysmon
    category: file_creation