diff --git a/evtx/Maps/Security_Microsoft-Windows-Security-Auditing_4701.map b/evtx/Maps/Security_Microsoft-Windows-Security-Auditing_4701.map
index 5ca0f780..c8fa6fd7 100644
--- a/evtx/Maps/Security_Microsoft-Windows-Security-Auditing_4701.map
+++ b/evtx/Maps/Security_Microsoft-Windows-Security-Auditing_4701.map
@@ -16,11 +16,18 @@ Maps:
 Value: "/Event/EventData/Data[@Name=\"SubjectUserName\"]"
 -
 Property: PayloadData1
- PropertyValue: ": %%"
+ PropertyValue: "TaskName: %TaskName%"
 Values:
 -
- Name:
- Value: "/Event/EventData/Data[@Name=\"\"]"
+ Name: TaskName
+ Value: "/Event/EventData/Data[@Name=\"TaskName\"]"
+ -
+ Property: PayloadData2
+ PropertyValue: "SubjectUserSid: %SubjectUserSid%"
+ Values:
+ -
+ Name: SubjectUserSid
+ Value: "/Event/EventData/Data[@Name=\"SubjectUserSid\"]"
 # Documentation:
 # https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4701
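Review bot: The new PayloadData2 entry spends a payload slot on SubjectUserSid, which largely duplicates the account identity already surfaced through the SubjectUserName mapping visible in the context line at the top of the hunk. For triage of a disabled scheduled task an analyst usually needs what the task did and who asked for it, and this event presumably also carries the task definition and the calling process under EventData (TaskContentNew, ClientProcessId) — worth confirming against the documentation link at the end of the hunk before settling the slot assignment. If the SID is kept deliberately for cross-host correlation, a PayloadData3 entry mirroring the PayloadData2 shape but reading `Data[@Name=\"TaskContentNew\"]` would cover both needs. The surrounding Maps list starts before the hunk, so the earlier PayloadData/UserName entries are not visible here.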