1.2.0

What's Changed

• New maps by @barrie0482 in #3
• Create OAlerts_300.map by @Lennaert89 in #5
• Create LICENSE by @EricZimmerman in #8
• bunch of new maps by @mpilking in #9
• Add new maps by @mark-hallman in #10
• Fix typo within "[...]-5861.map" by @qlemaire in #12
• Update Security_4648.map - Corrected PayloadData2/3 by @bmackalicious in #13
• Update Security_4634.map by @bmackalicious in #14
• Update Microsoft-Windows-TaskScheduler_Operational_200.map by @randomaccess3 in #17
• 1006-Threat Found and 1008-Error removing Threat by @bmackalicious in #19
• New 400,403,600 Maps for Windows PowerShell by @bmackalicious in #21
• Update 4624/4625 maps to include process name by @chadtilbury in #24
• Map Microsoft-Windows-Partition%4Diagnostic.evtx for EventID 1006 by @mark-hallman in #25
• Cisco AnyConnect Maps by @michealb401 in #27
• Update map by @esecrpm in #29
• Minor corrections by @AndrewRathbun in #30
• Create Sysmon maps, update README, etc by @AndrewRathbun in #31
• new maps by @forensenellanebbia in #32
• Modify Sysmon Event ID 5, create Sysmon Event IDs 10 and 11 by @AndrewRathbun in #33
• Add Sysmon Event IDs 2, 3, and 6. Various minor fixes. by @AndrewRathbun in #34
• Add Sysmon Event IDs 7, 8, 12, 13, 15, 19, 20, 21, 22, and 23 by @AndrewRathbun in #35
• Update Application-Sophos-Alert_42.map by @AndrewRathbun in #36
• Update Application-Audit-CVE_1.map by @AndrewRathbun in #37
• add new maps by @hyuunnn in #38
• add new maps by @hyuunnn in #40
• New maps, various fixes by @AndrewRathbun in #41
• Various fixes by @AndrewRathbun in #42
• New maps by @AndrewRathbun in #43
• New maps, various fixes by @AndrewRathbun in #44
• add new maps by @hyuunnn in #45
• add new maps by @hyuunnn in #46
• Update Sysmon Logs by @AndrewRathbun in #48
• Standardize Providers in all maps by @AndrewRathbun in #49
• Create Microsoft-DriverFrameworks-UserMode_2100.map by @AndrewRathbun in #50
• Standardization of Map Naming Convention, Update README by @AndrewRathbun in #51
• Standardized all maps. Added Documentation. by @AndrewRathbun in #52
• Rename/Standardize Microsoft-Windows-WPD-MTPClassDriver 1005 by @AndrewRathbun in #53
• Minor tweaks and standardization fixes by @AndrewRathbun in #54
• Rename map by @AndrewRathbun in #55
• Add documentation by @AndrewRathbun in #56
• Update filename by @AndrewRathbun in #57
• New maps for Citrix events by @forensenellanebbia in #58
• Added LogonIDs and ActivityIDs by @forensenellanebbia in #59
• Standardization and Documentation Updates by @AndrewRathbun in #60
• Update Documentation and Event Examples by @AndrewRathbun in #61
• Standardization Updates and Examples Added by @AndrewRathbun in #62
• Add maps, update existing by @AndrewRathbun in #63
• Fixing a missing quote in description by @anelshaer in #65
• New maps, update maps, and add documentation by @AndrewRathbun in #66
• 4625: added lookups for failure reasons by @forensenellanebbia in #67
• add new map by @hyuunnn in #68
• add new maps by @hyuunnn in #69
• Update filenames, new maps, minor fixes, etc by @AndrewRathbun in #70
• New map, add documentation by @AndrewRathbun in #72
• Create Security_Microsoft-Windows-Security-Auditing_4656.map by @AndrewRathbun in #73
• BITS maps by @forensenellanebbia in #74
• fix maps by @hyuunnn in #75
• New maps, update existing, update guide by @AndrewRathbun in #76
• Minor corrections by @AndrewRathbun in #77
• add maps by @hyuunnn in #78
• add maps by @hyuunnn in #79
• add new maps by @hyuunnn in #80
• Add new maps by @AndrewRathbun in #81
• Add new maps by @AndrewRathbun in #82
• Add new maps by @AndrewRathbun in #83
• Add new maps, minor fixes by @AndrewRathbun in #84
• Create Microsoft-Windows-TaskScheduler-Operational_Microsoft-Windows-… by @AndrewRathbun in #85
• Add Varonis Maps by @AndrewRathbun in #86
• Add new maps by @AndrewRathbun in #87
• Update Microsoft-Windows-Kernel-PnP-Configuration_Microsoft-Windows-K… by @AndrewRathbun in #88
• Add new maps, minor fixes, added documentation by @AndrewRathbun in #89
• Add new maps, minor updates by @AndrewRathbun in #91
• Update Sysmon Documentation by @AndrewRathbun in #92
• Fix Map Descriptions by @AndrewRathbun in #93
• Update maps by @AndrewRathbun in #94
• Fix Filenames by @AndrewRathbun in #95
• Fix Filenames by @AndrewRathbun in #96
• ID 6416 Audit PNP Activity by @forensenellanebbia in #97
• Create Microsoft-Windows-Ntfs-Operational_Microsoft-Windows-Ntfs_151.map by @AndrewRathbun in #100
• Create Microsoft-Windows-Ntfs-Operational_Ntfs_55.map by @hyuunnn in #101
• Update mapping on various Maps for better readability during analysis by @AndrewRathbun in #102
• Update Security_Microsoft-Windows-Security-Auditing_5156.map by @AndrewRathbun in #103
• Update YAML by @AndrewRathbun in #104
• YAML fixes by @AndrewRathbun in #105
• Update PULL_REQUEST_TEMPLATE.md by @AndrewRathbun in #106
• Minor fixes by @AndrewRathbun in #107
• Update documentation/description by @AndrewRathbun in #108
• New maps by @AndrewRathbun in #109
• Add/Update Symantec Maps by @AndrewRathbun in #110
• Add CrowdStrike Maps by @AndrewRathbun in #111
• Create Microsoft-Windows-SMBServer-Audit_Microsoft-Windows-SMBServer_… by @AndrewRathbun in #112
• Modify Firewall_2006.map output by @AndrewRathbun in #113
• Create adPWDManager_adPWDManager_110.map by @AndrewRathbun in #114
• Create Microsoft-Windows-WER-Diag-Operational_Microsoft-Windows-WER-D… by @AndrewRathbun in #115
• Create Security_Microsoft-Windows-Security-Auditing_4674.map by @AndrewRathbun in #116
• Update Guide/Template with XPATH documentation, examples, etc by @AndrewRathbun in #117
• New System map, updated System map by @AndrewRathbun in #119
• Add new System:7040 map by @AndrewRathbun in #120
• Update issue templates (s/KAPE/evtx) by @Karneades in ht...