My pleasure! I’m glad you’re trying it out.

Did you pull the latest version of ThreatHunter-Playbook? Roberto just merged a pull request of mine where I fixed some typos in those configs. I actually used Test-SysmonConfiguration to track down those typos. That looks like what you’re seeing.