[x] I have ensured a Provider is listed for the new map(s) being submitted
[x] I have ensured the filename(s) of any new map(s) being submitted follows the approved format, i.e. Channel-Name_Provider-Name_EventID.map (all spaces and special characters are replaced with a hyphen)
[x] I have tested and validated the new map(s) work with my test data and achieve the desired output
[x] I have provided example event data at the bottom of my map(s)
[x] I have consulted the guide/template to ensure my map(s) follow the same format
Thank you for your submission and for contributing to the DFIR community!
Description
Added maps that were mentioned here: https://nasbench.medium.com/finding-forensic-goodness-in-obscure-windows-event-logs-60e978ea45a3
Checklist:
Please replace every instance of
[ ]with[X]Thank you for your submission and for contributing to the DFIR community!