From 5b712a8f86bd5c44380be76245c27ed05993f8b5 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Thu, 13 Aug 2020 14:14:36 -0700
Subject: [PATCH] Filter AutorunsToWinEventlog invocation more widely
---
 Vagrant/resources/splunk_server/transforms.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Vagrant/resources/splunk_server/transforms.conf b/Vagrant/resources/splunk_server/transforms.conf
index cdf7ff3..db76ad0 100644
--- a/Vagrant/resources/splunk_server/transforms.conf
+++ b/Vagrant/resources/splunk_server/transforms.conf
@@ -20,7 +20,7 @@ DEST_KEY = queue
 FORMAT = nullQueue
 [autoruns_wineventlog_null]
-REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
+REGEX = "C:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
 DEST_KEY = queue
 FORMAT = nullQueue
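Review bot: The new unanchored `REGEX` in `[autoruns_wineventlog_null]` sends every event whose raw text contains this script path to `nullQueue`, so the filter no longer depends on the `Script Name =` prefix and any other activity that merely references the path is discarded before indexing. That is a detection blind spot worth recording: which sourcetypes the transform is bound to is set in props.conf, outside this diff, so please confirm it is scoped to the PowerShell log source only, and add a comment above the stanza such as `# Drops ALL events mentioning this path; monitor the script file for modification by other means`. Separately, the `.` before `ps1` is unescaped and matches any character; `AutorunsToWinEventLog\.ps1` would be exact.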