Closed TomDiTullio closed 2 years ago
Source is source="WinEventLog:Microsoft-Windows-PowerShell/Operational" when it needs to be source="WinEventLog:Microsoft-Windows-Sysmon/Operational" OR source="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational"