olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License
1.13k stars 177 forks

Registry whitelist editor not working with "registry_key_details" field with "null" value #16

Closed bmk666 closed 5 years ago

bmk666 commented 5 years ago

Many of the whitelisted registry accesses have no "registry_key_details" value (value null), so it is not working with "*", so null values must be possible.

I used the Lookup Editor to add the registry exclusions with null value and it is working. But when I used your whitelist editor after I added some "null" values, all my entries with "null" were deleted after saving!

BR, BMK

olafhartong commented 5 years ago

Are you working with version 1.1 or 1.2? This should be addressed in 1.2 already.

olafhartong commented 5 years ago

This is fixed in 1.2.