Problem when parsing Sysmon message Event 12
dudu.zbeda@cognyte.com
I'm using NX log enterprise to collect Sysmon logs.
I have a problem with EventID 12 , In the original (Windows view ) the event type is set to EventType: CreateKey
As part of the NXlog output, in the Metadata the Event type is set to INFO and only in the msg field i can see the EventType: CreateKey
Please advice
