From 7a4a3e94fd7da0de22e824691223754a2487fc3e Mon Sep 17 00:00:00 2001
From: Eric Beahan <eric.beahan@elastic.co>
Date: Fri, 2 Oct 2020 13:12:54 -0500
Subject: [PATCH] add pe.original_file_name

---
 rfcs/text/0001-wildcard-data-type.md | 1 +
 rfcs/text/0001/pe.yml                | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 rfcs/text/0001/pe.yml

diff --git a/rfcs/text/0001-wildcard-data-type.md b/rfcs/text/0001-wildcard-data-type.md
index a79c353295..20f31070f8 100644
--- a/rfcs/text/0001-wildcard-data-type.md
+++ b/rfcs/text/0001-wildcard-data-type.md
@@ -32,6 +32,7 @@ For a field to use wildcard, it will require changing the the field's defined sc
 | [`http`](0001/http.yml) | `http.request.referrer`<br> `http.request.body.content`<br> `http.response.body.content` |
 | [`log`](0001/log.yml) | `log.file.path`<br> `log.logger` |
 | [`os`](0001/os.yml) | `os.name`<br> `os.full` |
+| [`pe`](0001/pe.yml) | `pe.original_file_name` |
 | [`process`](0001/process.yml) | `process.command_line`<br> `process.executable`<br> `process.name`<br> `process.title`<br> `process.working_directory`<br> |
 | [`registry`](0001/registry.yml) | `registry.key`<br> `registry.path`<br> `registry.data.strings` |
 | [`server`](0001/server.yml) | `server.domain`<br> `server.registered_domain` |
diff --git a/rfcs/text/0001/pe.yml b/rfcs/text/0001/pe.yml
new file mode 100644
index 0000000000..52773c17a4
--- /dev/null
+++ b/rfcs/text/0001/pe.yml
@@ -0,0 +1,5 @@
+---
+  - name: process
+    fields:
+      - name: original_final_name
+        type: wildcard