search

briandelmsft / STAT-Function

Azure Function for the Microsoft Sentinel Triage AssistanT (STAT)
https://aka.ms/mstat
MIT License
9 stars 1 forks source link

MDE Module: Randomly does not find the devices based on IP #72

Closed briandelmsft closed 3 months ago

briandelmsft commented 3 months ago

Issue in the arg_max() function where the latest record doesn't always have ip info

Need to add a note to comment output that the device lookup is based on the most recent devices to have that IP

piaudonn commented 3 months ago

This is one of my favorite bug 🐞