title: Conversion of generic process_creation rules into Security/4688
order: 10
logsources:
    process_creation:
        category: process_creation
        product: windows
        conditions:
            EventID: 4688
        rewrite:
            product: windows
            service: security
fieldmappings:
    Image: NewProcessName
    ParentImage: ParentProcessName