fixed issue with identifying proper node

Updated Function for RuleName

Author: darkoperator

Functions/New-SysmonCreateRemoteThreadFilter.ps1

@@ -74,7 +74,7 @@ function New-SysmonCreateRemoteThreadFilter {
         if($RuleName) {
             $cmdoptions.Add('RuleName',$RuleName)
         }
-        
+
         switch($psCmdlet.ParameterSetName) {
             'Path' {
                 $cmdOptions.Add('Path',$Path)

Functions/New-SysmonPipeFilter.ps1

@@ -81,7 +81,7 @@ function New-SysmonPipeFilter {
         if($RuleName) {
             $cmdoptions.Add('RuleName',$RuleName)
         }
-        
+
         switch ($PSCmdlet.ParameterSetName) {
             'Path' {
                 $cmdOptions.Add('Path',$Path)

Posh-SysMon.psm1

@@ -257,9 +257,9 @@ function New-RuleFilter
         } # If only one element this will return null, more than one this will provide a value.
         else
         {
-            if ($RuleData.count -eq $null)
+            if ($RuleData.count -eq 1)
             {
-                if ($RuleData.onmatch -eq $OnMatch)
+                if ($RuleData.Attributes."#text" -eq $OnMatch)
                 {
                     Write-Verbose -Message 'Single node.'
                     Write-Verbose -Message "Creating filters for event type $($EventType)."