title: Conversion of Generic Rules into Sysmon Specific Rules
order: 10
logsources:
    process_creation:
        category: process_creation
        product: windows
        conditions:
            EventID: 1
        rewrite:
            product: windows
            service: sysmon
    network_connection:
        category: network_connection
        product: windows
        conditions:
            EventID: 3
        rewrite:
            product: windows
            service: sysmon
    dns_query:
        category: dns_query
        product: windows
        conditions:
            EventID: 22
        rewrite:
            product: windows
            service: sysmon
    registry_event:
        category: registry_event
        product: windows
        conditions:
            EventID: 
                - 12 
                - 13 
                - 14
        rewrite:
            product: windows
            service: sysmon
    file_creation:
        category: file_event
        product: windows
        conditions:
            EventID: 11
        rewrite:
            product: windows
            service: sysmon
    process_access:
        category: process_access
        product: windows
        conditions:
            EventID: 10
        rewrite:
            product: windows
            service: sysmon
    image_loaded:
        category: image_load
        product: windows
        conditions:
            EventID: 7
        rewrite:
            product: windows
            service: sysmon
    driver_loaded:
        category: driver_load
        product: windows
        conditions:
            EventID: 6
        rewrite:
            product: windows
            service: sysmon
    process_terminated:
        category: process_termination
        product: windows
        conditions:
            EventID: 5
        rewrite:
            product: windows
            service: sysmon