michaelhidalgo · June 29, 2020 17:59
diff --git a/[ 15 ] - SYSMON_FILE_CREATE_STREAM_HASH.xml b/[ 15 ] - SYSMON_FILE_CREATE_STREAM_HASH.xml
 <?xml version="1.0" ?>
 <event name="SYSMON_FILE_CREATE_STREAM_HASH" value="15" level="Informational" template="File stream created" rulename="FileCreateStreamHash" ruledefault="include" version="2">
 	<data name="RuleName" inType="win:UnicodeString" outType="xs:string"/>
 	<data name="UtcTime" inType="win:UnicodeString" outType="xs:string"/>
 	<data name="ProcessGuid" inType="win:GUID"/>
 	<data name="ProcessId" inType="win:UInt32" outType="win:PID"/>
 	<data name="Image" inType="win:UnicodeString" outType="xs:string"/>
 	<data name="TargetFilename" inType="win:UnicodeString" outType="xs:string"/>
 	<data name="CreationUtcTime" inType="win:UnicodeString" outType="xs:string"/>
 	<data name="Hash" inType="win:UnicodeString" outType="xs:string"/>
 	<data name="Contents" inType="win:UnicodeString" outType="xs:string"/>
 </event>
	<?xml version="1.0" ?>
	<event name="SYSMON_FILE_CREATE_STREAM_HASH" value="15" level="Informational" template="File stream created" rulename="FileCreateStreamHash" ruledefault="include" version="2">
	<data name="RuleName" inType="win:UnicodeString" outType="xs:string"/>
	<data name="UtcTime" inType="win:UnicodeString" outType="xs:string"/>
	<data name="ProcessGuid" inType="win:GUID"/>
	<data name="ProcessId" inType="win:UInt32" outType="win:PID"/>
	<data name="Image" inType="win:UnicodeString" outType="xs:string"/>
	<data name="TargetFilename" inType="win:UnicodeString" outType="xs:string"/>
	<data name="CreationUtcTime" inType="win:UnicodeString" outType="xs:string"/>
	<data name="Hash" inType="win:UnicodeString" outType="xs:string"/>
	<data name="Contents" inType="win:UnicodeString" outType="xs:string"/>
	</event>
No results found