title: Sysmon
order: 20
backends:
  - sysmon
fieldmappings:
  event_id: EventID
  event_data.ParentImage: ParentImage
  event_data.CommandLine: CommandLine
  event_data.Image: Image