BlakeHensleyy
commented
4 months ago This PR was made by mistake
Closed BlakeHensleyy closed 4 months ago
BlakeHensleyy
commented
4 months ago This PR was made by mistake
The description field parsing delimiter was changed from "_" to ""(none) because no delimiters aligns better with our field naming scheme. The capability for Sysmon event descriptions to be parsed was added. This will occur automatically with no change to the configuration needed when Sysmon\Operational events are being collected. These fields are also parsed following our field naming scheme.