fixed netevert#40

netevert · netevert · commit a651ae9de5f1 · 2020-06-21T13:32:26.000+02:00
diff --git a/README.md b/README.md
@@ -5,7 +5,9 @@
 [![Maintenance](https://img.shields.io/maintenance/yes/2020.svg?style=flat-square)]()
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com)
 [![](https://img.shields.io/badge/2019-DEF%20CON%2027-blueviolet?style=flat-square)](https://cloud-village.org/#talks?olafedoardo)
+<!--
 [![](https://img.shields.io/badge/Azure%20Sentinel%20workbooks%20gallery-grey?style=flat-square&logo=microsoft-azure)](https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/SysmonThreatHunting.json)
+-->
 
 Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and [MITRE ATT&CK](https://attack.mitre.org/) on Azure Sentinel.
 
diff --git a/parser/Sysmon-OSSEM.txt b/parser/Sysmon-OSSEM.txt
@@ -147,7 +147,7 @@ process_id = EventDetail.[4].["#text"],process_path = EventDetail.[5].["#text"],
 ;
 processEvents;
 };
-let SysmonEvent13__RegistrySetValue=() {
+let SysmonEvent13_RegistrySetValue=() {
 let processEvents = EventData
 | where EventID == 13
 | extend rule_name = EventDetail.[0].["#text"], EventType = EventDetail.[1].["#text"], event_creation_time = EventDetail.[2].["#text"], process_guid = EventDetail.[3].["#text"],

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ process_id = EventDetail.[4].["#text"],process_path = EventDetail.[5].["#text"],`
`147`	`147`	`;`
`148`	`148`	`processEvents;`
`149`	`149`	`};`
`150`		`-let SysmonEvent13__RegistrySetValue=() {`
	`150`	`+let SysmonEvent13_RegistrySetValue=() {`
`151`	`151`	`let processEvents = EventData`
`152`	`152`	`\| where EventID == 13`
`153`	`153`	`\| extend rule_name = EventDetail.[0].["#text"], EventType = EventDetail.[1].["#text"], event_creation_time = EventDetail.[2].["#text"], process_guid = EventDetail.[3].["#text"],`