diff --git a/config/eventkey_alias.txt b/config/eventkey_alias.txt
index 7c4bbcc4..99a4b293 100644
--- a/config/eventkey_alias.txt
+++ b/config/eventkey_alias.txt
@@ -1,153 +1,181 @@
-AccessList,Event.EventData.AccessList
-AccessMask,Event.EventData.AccessMask
-Accesses,Event.EventData.Accesses
-AccountName,Event.EventData.AccountName
-Account_Name,Event.EventData.Account_Name
-AllowedToDelegateTo,Event.EventData.AllowedToDelegateTo
-AttributeLDAPDisplayName,Event.EventData.AttributeLDAPDisplayName
-AttributeValue,Event.EventData.AttributeValue
-AuditPolicyChanges,Event.EventData.AuditPolicyChanges
-AuditSourceName,Event.EventData.AuditSourceName
-AuthenticationPackageName,Event.EventData.AuthenticationPackageName
-CallTrace,Event.EventData.CallTrace
-Caller_Process_Name,Event.EventData.Caller_Process_Name
-CallingProcessName,Event.EventData.CallingProcessName
-CategoryName,Event.EventData.Category Name
-Channel,Event.System.Channel
-Client_Address,Event.EventData.Client_Address
-CommandLine,Event.EventData.CommandLine
-Company,Event.EventData.Company
-Computer,Event.System.Computer
-ComputerName,Event.System.Computer
-ContextInfo,Event.EventData.ContextInfo
-CurrentDirectory,Event.EventData.CurrentDirectory
-Description,Event.EventData.Description
-DestPort,Event.EventData.DestPort
-Destination,Event.EventData.Destination
-DestinationAddress,Event.EventData.DestinationAddress
-DestinationHostname,Event.EventData.DestinationHostname
-DestinationIp,Event.EventData.DestinationIp
-DestinationIsIpv6,Event.EventData.DestinationIsIpv6
-DestinationPort,Event.EventData.DestinationPort
-Details,Event.EventData.Details
-DetectionSource,Event.EventData.DetectionSource
-DetectionUser,Event.EventData.Detection User
-Device,Event.EventData.Device
-DeviceClassName,Event.EventData.DeviceClassName
-DeviceDescription,Event.EventData.DeviceDescription
-DeviceName,Event.EventData.DeviceName
-DomainName,Event.EventData.SubjectDomainName
-EngineVersion,Event.EventData.EngineVersion
-EventID,Event.System.EventID
-EventType,Event.EventData.EventType
-FailureCode,Event.EventData.FailureCode
-FileVersion,Event.EventData.FileVersion
-GrantedAccess,Event.EventData.GrantedAccess
-GroupName,Event.EventData.GroupName
-GroupSid,Event.EventData.GroupSid
-Hashes,Event.EventData.Hashes
-HiveName,Event.EventData.HiveName
-HostApplication,Event.EventData.HostApplication
-HostName,Event.EventData.HostName
-HostVersion,Event.EventData.HostVersion
-Image,Event.EventData.Image
-ImageLoaded,Event.EventData.ImageLoaded
-ImagePath,Event.EventData.ImagePath
-Imphash,Event.EventData.Hashes
-Initiated,Event.EventData.Initiated
-IntegrityLevel,Event.EventData.IntegrityLevel
-IpAddress,Event.EventData.IpAddress
-IpPort,Event.EventData.IpPort
-JobTitle,Event.EventData.name
-KeyLength,Event.EventData.KeyLength
-Keywords,Event.System.Keywords
-LDAPDisplayName,Event.EventData.LDAPDisplayName
-LayerRTID,Event.EventData.LayerRTID
-Level,Event.System.Level
-LogFileClearedSubjectUserName,Event.UserData.LogFileCleared.SubjectUserName
-LogonId,Event.EventData.LogonId
-LogonProcessName,Event.EventData.LogonProcessName
-LogonType,Event.EventData.LogonType
-Logon_Account,Event.EventData.Logon_Account
-MachineName,Event.EventData.MachineName
-MemberName,Event.EventData.MemberName
-MemberSid,Event.EventData.MemberSid
-Message,Event.EventData
-NewName,Event.EventData.NewName
-NewValue,Event.EventData.NewValue
-ObjectClass,Event.EventData.ObjectClass
-ObjectName,Event.EventData.ObjectName
-ObjectServer,Event.EventData.ObjectServer
-ObjectType,Event.EventData.ObjectType
-ObjectValueName,Event.EventData.ObjectValueName
-Origin,Event.EventData.Origin
-OriginalFileName,Event.EventData.OriginalFileName
-OriginalFilename,Event.EventData.OriginalFileName
-ParentCommandLine,Event.EventData.ParentCommandLine
-ParentImage,Event.EventData.ParentImage
-ParentIntegrityLevel,Event.EventData.ParentIntegrityLevel
-ParentProcessName,Event.EventData.ParentProcessName
-ParentUser,Event.EventData.ParentUser
-PasswordLastSet,Event.EventData.PasswordLastSet
-Path,Event.EventData.Path
-Payload,Event.EventData.Payload
-PipeName,Event.EventData.PipeName
-PreAuthType,Event.EventData.PreAuthType
-PrivilegeList,Event.EventData.PrivilegeList
-ProcessCommandLine,Event.EventData.ProcessCommandLine
-ProcessName,Event.EventData.ProcessName
-Product,Event.EventData.Product
-Properties,Event.EventData.Properties
-QNAME,Event.EventData.QNAME
-QueryName,Event.EventData.QueryName
-QueryResults,Event.EventData.QueryResults
-QueryStatus,Event.EventData.QueryStatus
-RelativeTargetName,Event.EventData.RelativeTargetName
-SAMAccountName,Event.EventData.SamAccountName
-ScriptBlockText,Event.EventData.ScriptBlockText
-Service,Event.EventData.Service
-ServiceFileName,Event.EventData.ServiceFileName
-ServiceName,Event.EventData.ServiceName
-ServicePrincipalNames,Event.EventData.ServicePrincipalNames
-SeverityName,Event.EventData.Severity Name
-ShareName,Event.EventData.ShareName
-SidHistory,Event.EventData.SidHistory
-Signature,Event.EventData.Signature
-Signed,Event.EventData.Signed
-Source,Event.System.Provider_Name
-SourceAddress,Event.EventData.SourceAddress
-SourceImage,Event.EventData.SourceImage
-SourceNetworkAddress,Event.EventData.SourceNetworkAddress
-SourcePort,Event.EventData.SourcePort
-Source_Network_Address,Event.EventData.Source_Network_Address
-Source_WorkStation,Event.EventData.Source_WorkStation
-StartFunction,Event.EventData.StartFunction
-StartModule,Event.EventData.StartModule
-Status,Event.EventData.Status
-SubStatus,Event.EventData.SubStatus
-SubjectDomainName,Event.EventData.SubjectDomainName
-SubjectLogonId,Event.EventData.SubjectLogonId
-SubjectUserName,Event.EventData.SubjectUserName
-SubjectUserSid,Event.EventData.SubjectUserSid
-TargetDomainName,Event.EventData.TargetDomainName
-TargetFilename,Event.EventData.TargetFilename
-TargetImage,Event.EventData.TargetImage
-TargetLogonId,Event.EventData.TargetLogonId
-TargetName,Event.EventData.TargetServerName
-TargetObject,Event.EventData.TargetObject
-TargetProcessAddress,Event.EventData.TargetProcessAddress
-TargetSid,Event.EventData.TargetSid
-TargetUserName,Event.EventData.TargetUserName
-TaskName,Event.EventData.TaskName
-ThreatName,Event.EventData.Threat Name
-TicketEncryptionType,Event.EventData.TicketEncryptionType
-TicketOptions,Event.EventData.TicketOptions
-Url,Event.EventData.url
-User,Event.EventData.User
-UserName,Event.EventData.UserName
-Workstation,Event.EventData.Workstation
-WorkstationName,Event.EventData.WorkstationName
-keywords,Event.System.Keywords
-param1,Event.EventData.param1
-param2,Event.EventData.param2
-service,Event.EventData.Service
+AccessList,Event.EventData.AccessList
+AccessMask,Event.EventData.AccessMask
+Accesses,Event.EventData.Accesses
+AccountName,Event.EventData.AccountName
+Account_Name,Event.EventData.Account_Name
+AllowedToDelegateTo,Event.EventData.AllowedToDelegateTo
+AttributeLDAPDisplayName,Event.EventData.AttributeLDAPDisplayName
+AttributeValue,Event.EventData.AttributeValue
+AuditPolicyChanges,Event.EventData.AuditPolicyChanges
+AuditSourceName,Event.EventData.AuditSourceName
+AuthenticationPackageName,Event.EventData.AuthenticationPackageName
+CallTrace,Event.EventData.CallTrace
+CallerProcessName,Event.EventData.CallerProcessName
+Caller_Process_Name,Event.EventData.Caller_Process_Name
+CallingProcessName,Event.EventData.CallingProcessName
+CategoryName,Event.EventData.Category Name
+CertThumbprint,Event.EventData.CertThumbprint
+Channel,Event.System.Channel
+ClassName,Event.EventData.ClassName
+Client_Address,Event.EventData.Client_Address
+CommandLine,Event.EventData.CommandLine
+Company,Event.EventData.Company
+Computer,Event.System.Computer
+ComputerName,Event.System.Computer
+ContextInfo,Event.EventData.ContextInfo
+CurrentDirectory,Event.EventData.CurrentDirectory
+Description,Event.EventData.Description
+DestAddress,Event.EventData.DestAddress
+DestPort,Event.EventData.DestPort
+Destination,Event.EventData.Destination
+DestinationAddress,Event.EventData.DestinationAddress
+DestinationHostname,Event.EventData.DestinationHostname
+DestinationIp,Event.EventData.DestinationIp
+DestinationIsIpv6,Event.EventData.DestinationIsIpv6
+DestinationPort,Event.EventData.DestinationPort
+Details,Event.EventData.Details
+DetectionSource,Event.EventData.DetectionSource
+DetectionUser,Event.EventData.Detection User
+Device,Event.EventData.Device
+DeviceClassName,Event.EventData.DeviceClassName
+DeviceDescription,Event.EventData.DeviceDescription
+DeviceName,Event.EventData.DeviceName
+DomainName,Event.EventData.SubjectDomainName
+EngineVersion,Event.EventData.EngineVersion
+ErrorCode,Event.EventData.ErrorCode
+EventID,Event.System.EventID
+EventType,Event.EventData.EventType
+FailureCode,Event.EventData.FailureCode
+FilePath,Event.EventData.FilePath
+FileVersion,Event.EventData.FileVersion
+Filename,Event.EventData.Filename
+GrantedAccess,Event.EventData.GrantedAccess
+GroupName,Event.EventData.GroupName
+GroupSid,Event.EventData.GroupSid
+Hashes,Event.EventData.Hashes
+HiveName,Event.EventData.HiveName
+HostApplication,Event.EventData.HostApplication
+HostName,Event.EventData.HostName
+HostVersion,Event.EventData.HostVersion
+Image,Event.EventData.Image
+ImageLoaded,Event.EventData.ImageLoaded
+ImagePath,Event.EventData.ImagePath
+Imphash,Event.EventData.Hashes
+Initiated,Event.EventData.Initiated
+IntegrityLevel,Event.EventData.IntegrityLevel
+IpAddress,Event.EventData.IpAddress
+IpPort,Event.EventData.IpPort
+JobTitle,Event.EventData.name
+KeyLength,Event.EventData.KeyLength
+Keywords,Event.System.Keywords
+LDAPDisplayName,Event.EventData.LDAPDisplayName
+LayerRTID,Event.EventData.LayerRTID
+Level,Event.System.Level
+LogFileClearedSubjectUserName,Event.UserData.LogFileCleared.SubjectUserName
+LogonId,Event.EventData.LogonId
+LogonProcessName,Event.EventData.LogonProcessName
+LogonType,Event.EventData.LogonType
+Logon_Account,Event.EventData.Logon_Account
+MachineName,Event.EventData.MachineName
+MemberName,Event.EventData.MemberName
+MemberSid,Event.EventData.MemberSid
+Message,Event.EventData
+NewName,Event.EventData.NewName
+NewTemplateContent, Event.EventData.NewTemplateContent
+NewUacValue,Event.EventData.NewUacValue
+NewValue,Event.EventData.NewValue
+New_Value,Event.EventData.New Value
+ObjectClass,Event.EventData.ObjectClass
+ObjectName,Event.EventData.ObjectName
+ObjectServer,Event.EventData.ObjectServer
+ObjectType,Event.EventData.ObjectType
+ObjectValueName,Event.EventData.ObjectValueName
+OldUacValue,Event.EventData.OldUacValue
+Origin,Event.EventData.Origin
+OriginalFilename,Event.EventData.OriginalFileName
+ParentCommandLine,Event.EventData.ParentCommandLine
+ParentImage,Event.EventData.ParentImage
+ParentIntegrityLevel,Event.EventData.ParentIntegrityLevel
+ParentProcessName,Event.EventData.ParentProcessName
+ParentUser,Event.EventData.ParentUser
+PasswordLastSet,Event.EventData.PasswordLastSet
+Path,Event.EventData.Path
+Payload,Event.EventData.Payload
+PipeName,Event.EventData.PipeName
+PreAuthType,Event.EventData.PreAuthType
+PrivilegeList,Event.EventData.PrivilegeList
+ProcessCommandLine,Event.EventData.ProcessCommandLine
+ProcessId,Event.EventData.ProcessId
+ProcessName,Event.EventData.ProcessName
+Product,Event.EventData.Product
+Properties,Event.EventData.Properties
+ProviderName,Event.System.Provider_Name
+Provider_Name,Event.System.Provider_Name
+QNAME,Event.EventData.QNAME
+QueryName,Event.EventData.QueryName
+QueryResults,Event.EventData.QueryResults
+QueryStatus,Event.EventData.QueryStatus
+RelativeTargetName,Event.EventData.RelativeTargetName
+RuleName,Event.EventData.RuleName
+SAMAccountName,Event.EventData.SamAccountName
+ScriptBlockText,Event.EventData.ScriptBlockText
+SearchFilter,Event.System.SearchFilter
+ServerName,Event.System.ServerName
+Service,Event.EventData.Service
+ServiceFileName,Event.EventData.ServiceFileName
+ServiceName,Event.EventData.ServiceName
+ServicePrincipalNames,Event.EventData.ServicePrincipalNames
+ServiceStartType,Event.EventData.ServiceStartType
+ServiceType,Event.EventData.ServiceType
+SeverityName,Event.EventData.Severity Name
+ShareLocalPath,Event.EventData.ShareLocalPath
+ShareName,Event.EventData.ShareName
+SidHistory,Event.EventData.SidHistory
+Signature,Event.EventData.Signature
+Signed,Event.EventData.Signed
+Source,Event.System.Provider_Name
+SourceAddress,Event.EventData.SourceAddress
+SourceImage,Event.EventData.SourceImage
+SourceNetworkAddress,Event.EventData.SourceNetworkAddress
+SourcePort,Event.EventData.SourcePort
+Source_Name,Event.EventData.Source Name
+Source_Network_Address,Event.EventData.Source_Network_Address
+Source_WorkStation,Event.EventData.Source_WorkStation
+StartAddress,Event.EventData.StartAddress
+StartFunction,Event.EventData.StartFunction
+StartModule,Event.EventData.StartModule
+State,Event.EventData.State
+Status,Event.EventData.Status
+SubStatus,Event.EventData.SubStatus
+SubjectDomainName,Event.EventData.SubjectDomainName
+SubjectLogonId,Event.EventData.SubjectLogonId
+SubjectUserName,Event.EventData.SubjectUserName
+SubjectUserSid,Event.EventData.SubjectUserSid
+TargetDomainName,Event.EventData.TargetDomainName
+TargetFilename,Event.EventData.TargetFilename
+TargetInfo,Event.EventData.TargetInfo
+TargetImage,Event.EventData.TargetImage
+TargetLogonId,Event.EventData.TargetLogonId
+TargetName,Event.EventData.TargetServerName
+TargetObject,Event.EventData.TargetObject
+TargetProcessAddress,Event.EventData.TargetProcessAddress
+TargetServerName,Event.EventData.TargetServerName
+TargetSid,Event.EventData.TargetSid
+TargetUserName,Event.EventData.TargetUserName
+TaskName,Event.EventData.TaskName
+TemplateContent,Event.EventData.TemplateContent
+ThreatName,Event.EventData.Threat Name
+TicketEncryptionType,Event.EventData.TicketEncryptionType
+TicketOptions,Event.EventData.TicketOptions
+Url,Event.EventData.url
+User,Event.EventData.User
+UserName,Event.EventData.UserName
+Value, Event.EventData.Value
+WindowsDefenderProcessName,Event.EventData.Process Name
+Workstation,Event.EventData.Workstation
+WorkstationName,Event.EventData.WorkstationName
+param1,Event.EventData.param1
+param2,Event.EventData.param2
+provider_Name,Event.EventData.Provider_Name
+service,Event.EventData.Service
+sha1,Event.EventData.Hashes_sha1
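Review bot: Two of the added aliases, `NewTemplateContent, Event.EventData.NewTemplateContent` and `Value, Event.EventData.Value`, carry a space after the comma while every other line in the file is written as `Key,Path` with no whitespace; unless the loader trims fields, the resolved path starts with a space and these two aliases silently never match any event, so rules relying on them would produce no detections. They should read `NewTemplateContent,Event.EventData.NewTemplateContent` and `Value,Event.EventData.Value`. Separately, the new `provider_Name` entry maps to `Event.EventData.Provider_Name` while `Provider_Name` and `ProviderName` map to `Event.System.Provider_Name`; two keys differing only in case that resolve to different sections look like a typo, so if this is intentional a short comment or a note in the commit description would help future maintainers. `TargetInfo` is also inserted ahead of `TargetImage`, breaking the otherwise alphabetical order the rest of the file follows.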