sysmon-config
Configuring EventId 15 for exe and dll files
Dunno if you already decided this before, but can you add the exe and dll files to the configuration for event 15?
I was trying to test this Sigma rule manually with those file types and it wasn't working: https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_ads_executable.yml
This is based on this article: https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
I added something like this, but I don't know if that's the best answer to it:
```xml
<TargetFilename condition="end with">.exe</TargetFilename> <!--Executable files-->
<TargetFilename condition="end with">.dll</TargetFilename> <!--DLL files-->
```
Thanks!
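To see why the two `end with` lines work for alternate data streams, the following added example (not code from the sysmon-config project or from the issue author) wraps them in an assumed `FileCreateStreamHash` include group and evaluates constructed Event ID 15 records the way Sysmon would: the `TargetFilename` of an event 15 carries the stream name after the colon, and Sysmon comparisons are case-insensitive.

```python
import xml.etree.ElementTree as ET

# The two TargetFilename lines from the issue; the enclosing RuleGroup and
# FileCreateStreamHash (Event ID 15) wrapper are assumed here for illustration.
RULE_XML = """
<RuleGroup name="" groupRelation="or">
  <FileCreateStreamHash onmatch="include">
    <TargetFilename condition="end with">.exe</TargetFilename>
    <TargetFilename condition="end with">.dll</TargetFilename>
  </FileCreateStreamHash>
</RuleGroup>
"""

def load_rules(xml_text):
    """Return (field, condition, pattern) triples from the include group."""
    root = ET.fromstring(xml_text)
    return [(node.tag, node.get("condition"), node.text.strip())
            for node in root.find("FileCreateStreamHash")]

def matches(rule, value):
    """Apply one Sysmon condition; Sysmon compares case-insensitively."""
    _, cond, pattern = rule
    v, p = value.lower(), pattern.lower()
    if cond == "end with":
        return v.endswith(p)
    if cond == "is":
        return v == p
    if cond == "contains":
        return p in v
    raise ValueError(f"unsupported condition: {cond}")

def event15_included(event, rules):
    # onmatch="include": the event is logged if any TargetFilename rule matches.
    return any(matches(r, event["TargetFilename"])
               for r in rules if r[0] == "TargetFilename")

# Constructed sample Event ID 15 records (not real telemetry). The first is the
# common browser download marker; the other two are executables written into an ADS.
SAMPLE_EVENTS = [
    {"TargetFilename": "C:\\Users\\u\\Downloads\\report.pdf:Zone.Identifier"},
    {"TargetFilename": "C:\\Users\\u\\notes.txt:payload.exe"},
    {"TargetFilename": "C:\\Users\\u\\notes.txt:helper.DLL"},
]

def included_targets(events=SAMPLE_EVENTS, xml_text=RULE_XML):
    """List the TargetFilename values that the include rules would log."""
    rules = load_rules(xml_text)
    return [e["TargetFilename"] for e in events if event15_included(e, rules)]
```

Only the two ADS-hosted executables are selected; the `Zone.Identifier` stream is left out, which is the filtering behaviour a defender wants from this include group.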