This is because there is TargetFileName populationg file_nasme from the sysmon app and the original_file_naame being populated by OriginalFileName from this app. I added EVAL-file_name = coalesce(file_name,OriginalFileName) to the props to handle consolidating the file names into a common field
This is because there is TargetFileName populationg file_nasme from the sysmon app and the original_file_naame being populated by OriginalFileName from this app. I added EVAL-file_name = coalesce(file_name,OriginalFileName) to the props to handle consolidating the file names into a common field