diff --git a/README.md b/README.md index 2d08716..9996a01 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ You can use them, improve them or add new ones. ## elastic - ecs_1_winlogbeat ECS 1.xx winlogbeat field mapping - ecs_1_filebeat ECS 1.xx filebeat field mapping (only auditd module) +- ecs_1_casesensitive Use regex to make Case Insensitive search ## misc - placerholder from [sigmahq bloq](https://blog.sigmahq.io/building-flexible-detections-with-sigma-placeholders-7c1b814e2860) diff --git a/elastic/ecs_1_casesensitive.yml b/elastic/ecs_1_casesensitive.yml new file mode 100644 index 0000000..4a741fa --- /dev/null +++ b/elastic/ecs_1_casesensitive.yml @@ -0,0 +1,11 @@ +name: Elastic CaseSensitive +priority: 20 +transformations: + - id: field_case + type: regex + method: ignore_case_brackets + field_name_conditions: + - type: include_fields + fields: + - Image + - CommandLine \ No newline at end of file
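Review bot: The README entry `ecs_1_casesensitive Use regex to make Case Insensitive search` contradicts itself: the pipeline file and its `name: Elastic CaseSensitive` say case *sensitive*, while the description (and the `ignore_case_brackets` method) make matching case *insensitive*. Rename the file and pipeline to `ecs_1_caseinsensitive` / `Elastic CaseInsensitive`, or reword the entry to something like `ecs_1_caseinsensitive Regex transformation that makes Image and CommandLine matching case-insensitive`, so a reader picking a pipeline from this list does not choose the opposite of what they want.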
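Review bot: The `include_fields` condition in `elastic/ecs_1_casesensitive.yml` matches on the Sigma field names `Image` and `CommandLine`, so the transformation only takes effect if it runs before the ECS field-mapping pipelines listed in the same README rename those fields (`priority: 20` is given without comment); document that ordering assumption next to `priority`, and add a short YAML comment stating that every other field is left case-sensitive, since a detection author may otherwise expect the whole rule to match case-insensitively. The file also ends with `\ No newline at end of file`; add the trailing newline.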