olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

Whitelists not working on "Threat Hunting trigger overview" #13

Closed bmk666 closed 5 years ago

bmk666 commented 5 years ago

"Threat Hunting trigger overview" shows all past triggers, even if I add some stuff to the whitelists. Whitelists are only working in drilldowns.

It would be great if all whitelisted events were not shown on the "Threat Hunting trigger overview" page!

BR, Sascha

bmk666 commented 5 years ago

Got it, you have to add:

| registry_whitelist | process_create_whitelist

to every search on the "Threat Hunting trigger overview" Dashboard.

BR, Sascha
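As an added illustration (constructed here, not code from the app or from either commenter), a Simple XML dashboard fragment showing one overview panel with and without the whitelist macros the comment names; the index, sourcetype, EventCodes and rule_name field are assumptions, and the macros are written with the backticks Splunk uses to invoke them:

```xml
<dashboard>
  <label>Whitelist placement example (constructed, not the app's own dashboard)</label>
  <!-- Assumptions: index "sysmon", the Sysmon XML sourcetype, Sysmon EventCodes
       1 (process create) and 12/13/14 (registry), and a rule_name field set by
       the trigger searches. -->
  <row>
    <!-- Before: the panel aggregates raw triggers, so entries added to the
         whitelist lookups still show up in the counts. -->
    <panel>
      <title>Triggers, whitelists NOT applied</title>
      <table>
        <search>
          <query>index=sysmon sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode IN (1,12,13,14)
| stats count AS triggers BY rule_name
| sort - triggers</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
    <!-- After: the whitelist macros are piped in before the stats command, so
         whitelisted events are dropped before they are counted. Placing them
         after stats would filter nothing useful, because the per-event fields
         the whitelists match on no longer exist at that point. -->
    <panel>
      <title>Triggers, whitelists applied</title>
      <table>
        <search>
          <query>index=sysmon sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" EventCode IN (1,12,13,14)
| `registry_whitelist`
| `process_create_whitelist`
| stats count AS triggers BY rule_name
| sort - triggers</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
      </table>
    </panel>
  </row>
</dashboard>
```

The same placement applies to every panel on the overview dashboard: each panel runs its own search, so each one needs the macros before its aggregation step.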

olafhartong commented 5 years ago

I've been considering filtering the overview; I need to do some performance tests to see if the whitelisting will not impact the search speed too much.

olafhartong commented 5 years ago

Added to the latest commit.