Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MultiSearch Feature not logging to event log as multisearh #126

Open
ceramicskate0 opened this issue Jan 29, 2020 · 1 comment
Open

MultiSearch Feature not logging to event log as multisearh #126

ceramicskate0 opened this issue Jan 29, 2020 · 1 comment
Assignees
@ceramicskate0
Labels
Bug Feature/something in the app that doesnt work as intended. However the app still works
Projects
SWELF before Prod

Comments

@ceramicskate0
Copy link
Owner

Example:
search_multiple:C:\Windows\explorer.exe`Integritylevel: systemMicrosoft-Windows-Sysmon/Operational1
show as ONLY "C:\Windows\explorer.exe" in debug function under "Search_Rule".

Possible is in function to do multiSearch.
@ceramicskate0 ceramicskate0 added the Bug Feature/something in the app that doesnt work as intended. However the app still works label Jan 29, 2020
@ceramicskate0 ceramicskate0 self-assigned this Jan 29, 2020
@ceramicskate0 ceramicskate0 added this to Dev Currenlty Working in SWELF before Prod via automation Mar 30, 2020
@ceramicskate0 ceramicskate0 moved this from Dev Currenlty Working to Planned for Later 0.6.* releases in SWELF before Prod Apr 6, 2020
@ceramicskate0
Copy link
Owner Author

might be cause of event logs that have more than 1 search rule in the EventData area

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ceramicskate0 ceramicskate0

Labels
Bug Feature/something in the app that doesnt work as intended. However the app still works
Projects
SWELF before Prod
  
Planned for Later 0.6.* releases
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ceramicskate0