diff --git a/default/props.conf b/default/props.conf
index 45c1717..05a0b1a 100644
--- a/default/props.conf
+++ b/default/props.conf
@@ -70,7 +70,7 @@ FIELDALIAS-file_create_time = columns.ctime as file_create_time
 FIELDALIAS-file_size = columns.size as file_size
 FIELDALIAS-file_acl = columns.mode as file_acl
 FIELDALIAS-action = columns.action as action
-EVAL-file_hash=if((name="pack_fim_file_events" AND (action="CREATED" OR action="UPDATED") AND ('columns.sha256'!="")),'columns.sha256',null)
+EVAL-file_hash=if((name="*file_events" AND (action="CREATED" OR action="UPDATED") AND ('columns.sha256'!="")),'columns.sha256',null)
 EVAL-file_name = replace(file_path, "^.*[\\/]", "")

 ### For Alerts
@@ -86,3 +86,4 @@ EXTRACT-process_exec = .*path\":\"\\\/(.+?\/)*(?.+?)\"
 FIELDALIAS-process_id = columns.pid AS process_id
 FIELDALIAS-process_path = columns.path AS process_path
 FIELDALIAS-user_id = columns.uid AS user_id
+FIELDALIAS-process = column.cmdline AS process
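Review bot: The new `name="*file_events"` comparison in EVAL-file_hash will not match anything, because `=` inside an eval expression is a literal string equality and does not expand `*` as a wildcard (wildcards only work in search-time field filters, not in eval). As written, file_hash is never populated for any pack, which silently breaks every detection or lookup that keys on the FIM file hash, so the change is worse than the hard-coded name it replaces. Use a pattern function instead, e.g. `EVAL-file_hash=if((like(name, "%file_events") AND (action="CREATED" OR action="UPDATED") AND ('columns.sha256'!="")),'columns.sha256',null())` (or `match(name, "file_events$")`), which also replaces the bare `null` — a reference to a nonexistent field that only works by accident — with the `null()` function. Worth adding a comment above the line explaining that the suffix match is meant to cover every pack whose name ends in `file_events`, since the intent is not obvious from the stanza.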
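Review bot: The added alias reads `column.cmdline` while every other FIELDALIAS in this file (`columns.pid`, `columns.path`, `columns.uid`) uses the plural `columns.` prefix, so `process` will never be populated and any CIM Endpoint data-model search that relies on the process command line will come back empty. This looks like a typo; the line should be `FIELDALIAS-process = columns.cmdline AS process`. A one-line comment noting that `process` is the full command line (as opposed to `process_path`) would help the next person reading the alias list.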