diff --git a/Splunk/sigma/Copy-SplunkSigma-Sysmon1-to-4688.ps1 b/Splunk/sigma/Copy-SplunkSigma-Sysmon1-to-4688.ps1
index 2cb6f3f..1e9461a 100644
--- a/Splunk/sigma/Copy-SplunkSigma-Sysmon1-to-4688.ps1
+++ b/Splunk/sigma/Copy-SplunkSigma-Sysmon1-to-4688.ps1
@@ -111,6 +111,7 @@
 $_ = $_ -replace ' IntegrityLevel=".*?"', ''
 $_ = $_ -replace ' OR CurrentDirectory=".*?"', ''
 $_ = $_ -replace ' CurrentDirectory=".*?"', ''
+ $_ = $_ -replace '^\[(.*?)\]$', '[$1 4688]'
 # Return the modified line
 $_
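Review bot: The added rename on the `+` line only matches when the whole line is exactly `[name]`, so a stanza header with trailing whitespace passes through unrenamed and without any warning. If the generated 4688 searches are deployed next to the Sysmon originals, an unrenamed stanza would presumably share its name with the source search, and one detection could shadow the other; that depends on how the output is deployed, which the hunk does not show. Tolerating trailing whitespace closes the gap: `$_ = $_ -replace '^\[(.*?)\]\s*$', '[$1 4688]'`. The line also deserves a comment saying why it exists, for example `# Suffix the stanza name so the 4688 copy does not collide with the Sysmon 1 original`. The enclosing pipeline block starts and ends outside the hunk, so it is not visible here whether an already-suffixed header could be fed through a second time and become `[name 4688 4688]`.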