corrected field name case in decoder-linux-sysmon.xml

fixed incorrect case on system.eventId to system.eventID
2025-11-04 05:43:15 +00:00 · 2023-06-23 17:51:09 -04:00
parent e7443b2f28
commit e051121c8b
1 changed files with 1 additions and 1 deletions
--- a/Linux/decoder-linux-sysmon.xml
+++ b/Linux/decoder-linux-sysmon.xml
@@ -7,7 +7,7 @@
 <decoder name="sysmon-linux-child">
  <parent>sysmon-linux</parent>
  <regex offset="after_parent">\pEventID\p(\d+)\p/EventID\p</regex>
-  <order>system.eventId</order>
+  <order>system.eventID</order>
 </decoder>
 <!-- keywords -->