Closed bmk666 closed 4 years ago
I do not have this error, is the app properly named ?
does this query yield results for you?
| rest /servicesNS/-/ThreatHunting/saved/searches
| search title="[T*]*"
| makemv delim="," action.summary_index.mitre_technique_id
| mvexpand action.summary_index.mitre_technique_id
| stats dc(action.summary_index.mitre_technique) AS Searches by action.summary_index.mitre_technique_id
| sort action.summary_index.mitre_technique_id
| rename action.summary_index.mitre_technique_id AS "id"
| table id
The "mitre_technique_id" drop down on the "Whitelist Editor Pages" only shown "All (*)"