From dd5083ffc0791663e4f1837e949ed2ec684c6604 Mon Sep 17 00:00:00 2001
From: siamease <tomoomi@gmail.com>
Date: Sun, 25 Oct 2020 03:15:48 +0900
Subject: [PATCH] fix no

---
 src/detections/sysmon.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/detections/sysmon.rs b/src/detections/sysmon.rs
index 31d0ea7a..f0f81c72 100644
--- a/src/detections/sysmon.rs
+++ b/src/detections/sysmon.rs
@@ -27,7 +27,7 @@ impl Sysmon {
     }
 
     fn check_command_lines(&mut self, event_id: &String, event_data: &HashMap<String, String>) {
-        if event_id != "4" {
+        if event_id != "1" {
             return;
         }