From b8f00889e116377144c2907bf90b9a1fc0072734 Mon Sep 17 00:00:00 2001
From: Thomas <159919611+tw-dpd@users.noreply.github.com>
Date: Tue, 23 Apr 2024 17:34:42 +0100
Subject: [PATCH] Update windows_logtype.json Add additional NewProcessName Mapping for windows logs
Signed-off-by: Thomas <159919611+tw-dpd@users.noreply.github.com>
---
 src/main/resources/OSMapping/windows_logtype.json | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/main/resources/OSMapping/windows_logtype.json b/src/main/resources/OSMapping/windows_logtype.json
index ec9b3ed1a..0c0003dd9 100644
--- a/src/main/resources/OSMapping/windows_logtype.json
+++ b/src/main/resources/OSMapping/windows_logtype.json
@@ -221,6 +221,10 @@
 "raw_field":"ProcessName",
 "ecs":"winlog.event_data.ProcessName"
 },
+ {
+ "raw_field":"NewProcessName",
+ "ecs":"winlog.event_data.NewProcessName"
+ },
 {
 "raw_field":"ObjectName",
 "ecs":"winlog.computerObject.name"
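Review bot: Rules that select on `Image` would presumably still miss Security 4688 process-creation events, because the added entry gives `NewProcessName` its own `winlog.event_data.NewProcessName` field rather than tying it to whichever field the process image path resolves to in this log type. If the intent is only to make rules that name `NewProcessName` directly resolvable, that is fine, but it is worth stating in the commit message so the coverage gap is a known one. Also confirm that `NewProcessName` is not already declared as a `raw_field` elsewhere in the file: the hunk shows only the neighbouring `ProcessName` and `ObjectName` entries, and a duplicate entry would leave the resolved mapping ambiguous. The mappings array starts and ends outside the hunk.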