diff --git a/resources/scripts/ossemSysmonKQLParser.py b/resources/scripts/ossemSysmonKQLParser.py
index bee0601cc2..d410041856 100644
--- a/resources/scripts/ossemSysmonKQLParser.py
+++ b/resources/scripts/ossemSysmonKQLParser.py
@@ -82,8 +82,9 @@ for field in fieldlist:
 log.debug('Field Name: {}'.format(field['name']))
 field_name = dict()
- field_name['name'] = field['name']
+ field_name['name'] = field['name'] if ("GUID" not in field['name']) else field['name'].replace('GUID', 'Guid')
 field_name['index'] = count
+ field_name['type'] = field['inType']
 sysmon_event['events'].append(field_name)
 count += 1
 all_sysmon.append(sysmon_event)
@@ -95,6 +96,17 @@ for field in sysevent['events']:
 if field['name'] not in unique_fields:
 unique_fields.append(field['name'])
+ if (field['type'].startswith("win:UInt") or
+ field['type'].startswith("win:HexInt")):
+ field['type'] = "toint"
+ elif (field['type'] == "win:UnicodeString" or
+ field['type'] == "win:GUID"):
+ field['type'] = "tostring"
+ elif (field['type'] == "win:Boolean"):
+ field['type'] = "tobool"
+ else:
+ field['type'] = "" #make it backwards and forwards compatible so it doesn't break
+
 # ******** Open Sysmon KQL Parser template ****************
 sysmon_parser_template = os.path.join(os.path.dirname(__file__), "templates/kql/sysmon_parser.txt")
diff --git a/resources/scripts/templates/kql/sysmon_parser.txt b/resources/scripts/templates/kql/sysmon_parser.txt
index 171ed74cd8..64f3f7f69d 100644
--- a/resources/scripts/templates/kql/sysmon_parser.txt
+++ b/resources/scripts/templates/kql/sysmon_parser.txt
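Review bot: The conditional on the added `field_name['name']` line is redundant, since `str.replace` is already a no-op when 'GUID' is absent, so `field_name['name'] = field['name'].replace('GUID', 'Guid')` says the same thing; a one-line comment on why the casing is changed would help a reader, as the template hunk later emits this value as a KQL column name and the rename presumably exists for naming consistency — confirm. The new `field_name['type'] = field['inType']` line raises KeyError for any manifest field that has no `inType` entry, while the mapping in the following hunk already treats unknown types as `""`; if missing types can occur in the OSSEM data, `field.get('inType', '')` would keep them on that fallback path instead of aborting the generator. The enclosing `for field in fieldlist:` loop starts before the hunk.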
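Review bot: Mapping every `win:UInt*` and `win:HexInt*` width to `toint` loses values that do not fit a signed 32-bit integer: KQL `toint()` returns null when the conversion fails, so 64-bit and large unsigned values would arrive as nulls in the generated parser and silently vanish from any detection that filters on them; `tolong` covers all of these widths without that risk, i.e. `field['type'] = "tolong"` in the first branch. It is also worth verifying that the chosen conversion accepts the `0x`-prefixed strings Sysmon emits for HexInt fields, since a failed conversion again yields null rather than an error. Indentation is lost in this rendering, so I cannot tell whether the new `if` chain sits inside `if field['name'] not in unique_fields:`; if it does, a field name already seen in an earlier event keeps its raw `win:` value and is emitted into the template unchanged, so the chain belongs at the loop-body level. The `for field in sysevent['events']:` loop starts before the hunk.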
@@ -24,7 +24,7 @@ let EventData = Event
 let {{event['name']}}_{{event['id']}}{% raw %}=() {
 let processEvents = EventData
 | where EventID == {% endraw %}{{event['id']}}
-| extend {% for field in event['events'] if field['name'] not in ['Hashes','Hash'] %}{{field['name']}}{% raw %} = EventDetail.[{% endraw %}{{field['index']}}{% raw %}].["#text"]{% endraw %}{{ ", " if not loop.last else "" }}
+| extend {% for field in event['events'] if field['name'] not in ['Hashes','Hash'] %}{{field['name']}}{% raw %} = {% endraw %}{{field['type']}}{% raw %}(EventDetail.[{% endraw %}{{field['index']}}{% raw %}].["#text"]){% endraw %}{{ ", " if not loop.last else "" }}
 {% endfor -%}
 {% for field in event['events'] -%}
 {% if field['name'] in ['Hashes','Hash'] -%}
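Review bot: The new `extend` line emits `{{field['type']}}` verbatim as the conversion function, so a field dict that lacks a `type` key, or one whose value was never rewritten from its `win:` form, yields an invalid `extend` clause and breaks the whole generated function rather than a single column; `{{ field['type'] | default('') }}` keeps the missing-key case on the no-conversion fallback the generator script already relies on, while the `win:` case must be fixed on the script side. The `let ... =() {` function opened on the first context line closes outside the hunk.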