Closed bmk666 closed 5 years ago
Got it, you have to add:
| registry_whitelist
| process_create_whitelist
to every search on the "Threat Hunting trigger overview" Dashboard.
BR, Sascha
I've been considering filtering the overview; I need to do some performance tests to see if the whitelisting will not impact the search speed too much.
Added to latest commit.
"Threat Hunting trigger overview" shows all past triggers, even if I add some stuff to the white lists. White lists are only working in drilldowns.
It would be great if all whitelisted events were not shown on the "Threat Hunting trigger overview" page!
BR, Sascha