From 046510f0218c40caa282b8233200456584c8de76 Mon Sep 17 00:00:00 2001
From: neu5ron
Date: Tue, 5 Feb 2019 13:11:06 -0500
Subject: [PATCH] updated HELK Destination IP name

---
 tools/config/helk.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/config/helk.yml b/tools/config/helk.yml
index 6a52294c8..196f01dd7 100644
--- a/tools/config/helk.yml
+++ b/tools/config/helk.yml
@@ -48,11 +48,11 @@ fieldmappings:
 Destination:
 EventID=20: wmi_consumer_destination
 DestinationHostname: dst_host_name
-DestinationIp: dst_ip
+DestinationIp: dst_ip_addr
 DestinationIsIpv6: dst_is_ipv6
 DestinationPort: dst_port
 DestinationPortName: dst_port_name
-Details:
+Details:
 EventID=13: registry_key_value
 Device: device_name
 EngineVersion: powershell.engine.version
@@ -130,7 +130,7 @@ fieldmappings:
 State:
 EventID=4: service_state
 EventID=16: sysmon_configuration_state
-SubjectUserName:
+SubjectUserName:
 EventID=4624: user_reporter_name
 EventId=4648: user_name
 EventID=5140: user_name
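Review bot: The context line `EventId=4648: user_name` in the second hunk (under `SubjectUserName:`) is the only entry in either hunk whose key is not spelled `EventID=...`, and if the consumer compares that prefix case-sensitively the 4648 (explicit-credential logon) mapping presumably never applies while 4624 and 5140 do. The line is pre-existing and the commit does not touch it, but since this hunk already rewrites the `SubjectUserName:` line, fixing it to `EventID=4648: user_name` here would be cheap and would keep the mapping table uniformly keyed. Whether the conditional-key syntax is matched case-sensitively is not visible from the diff, so this should be confirmed against the tool that reads `fieldmappings` before relying on the 4648 entry. The first hunk's `dst_ip` → `dst_ip_addr` rename looks consistent with the neighbouring `dst_*` names; any matching source-side mapping lies outside the hunk and is worth checking for the same naming.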