logsources:
  windows-application:
    product: windows
    service: application
    conditions:
      sourcetype: 'WinEventLog:Application'
  windows-security:
    product: windows
    service: security
    conditions:
      sourcetype: 'WinEventLog:Security'
  windows-security:
    product: windows
    service: system
    conditions:
      sourcetype: 'WinEventLog:System'
  windows-sysmon:
    product: windows
    service: sysmon
    conditions:
      source: 'WinEventLog:Microsoft-Windows-Sysmon/Operational'
  windows-powershell:
    product: windows
    service: powershell
    conditions:
      source: 'WinEventLog:Microsoft-Windows-PowerShell/Operational'
  windows-classicpowershell:
    product: windows
    service: powershell-classic
    conditions:
      source: 'Windows PowerShell'      
  windows-powershell:
    product: windows
    service: taskscheduler
    conditions:
      source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational'
fieldmappings:
    EventID: EventCode