olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

Incorrect reference to sysmoneventcodes.csv in default/props.conf #56

Closed sebastiendamaye closed 4 years ago

sebastiendamaye commented 4 years ago

The file ./default/props.conf is incorrectly referencing sysmoneventcodes.csv (trailing "s" is missing):

LOOKUP-sysmoneventcode = sysmoneventcode.csv EventCode OUTPUTNEW event_description

Instead of:

LOOKUP-sysmoneventcode = sysmoneventcodes.csv EventCode OUTPUTNEW event_description

olafhartong commented 4 years ago

Thanks for pointing this out, it has been adjusted in the latest commits

bchris21 commented 3 years ago

Is it the same with line 277?

LOOKUP-sysmoneventcode = sysmoneventcodes.csv EventCode OUTPUTNEW event_description

Is the trailing "s" missing from LOOKUP-sysmoneventcode?
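A check for the class of error reported in this issue, as an added example that is not part of the thread or of the ThreatHunting app: it flags every LOOKUP- setting in props.conf whose referenced name matches neither a file under lookups/ nor a transforms.conf stanza. That resolution rule, the function names, the sample app layout and the sample stanza names are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

LOOKUP_RE = re.compile(r"^\s*LOOKUP-(?P<cls>[^\s=]+)\s*=\s*(?P<ref>\S+)")
STANZA_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")

def _lines(path):
    return path.read_text(encoding="utf-8", errors="replace").splitlines()

def known_lookups(app_dir):
    """Names a LOOKUP- setting may point at. Assumption for this example:
    file names under lookups/ plus stanza names in transforms.conf."""
    app = Path(app_dir)
    names = {p.name for p in (app / "lookups").glob("*") if p.is_file()}
    for conf in ("default", "local"):
        tf = app / conf / "transforms.conf"
        if tf.is_file():
            names |= {m.group(1) for m in map(STANZA_RE.match, _lines(tf)) if m}
    return names

def dangling_lookups(app_dir):
    """Return (file, line_no, class, reference) for each unresolved LOOKUP- line."""
    app, findings = Path(app_dir), []
    names = known_lookups(app)
    for conf in ("default", "local"):
        props = app / conf / "props.conf"
        if props.is_file():
            for no, line in enumerate(_lines(props), 1):
                m = LOOKUP_RE.match(line)
                if m and m.group("ref") not in names:
                    findings.append((f"{conf}/props.conf", no, m.group("cls"), m.group("ref")))
    return findings

def build_sample_app(root):
    """Constructed sample app: one line with the typo from the issue, one correct."""
    app = Path(root) / "sample_app"
    (app / "default").mkdir(parents=True)
    (app / "lookups").mkdir()
    (app / "lookups" / "sysmoneventcodes.csv").write_text(
        "EventCode,event_description\n1,Process Create\n")
    (app / "default" / "props.conf").write_text(
        "[constructed_sourcetype_a]\n"
        "LOOKUP-sysmoneventcode = sysmoneventcode.csv EventCode OUTPUTNEW event_description\n"
        "[constructed_sourcetype_b]\n"
        "LOOKUP-sysmoneventcode = sysmoneventcodes.csv EventCode OUTPUTNEW event_description\n")
    return app

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(dangling_lookups(build_sample_app(tmp)))
```

Run against an app directory before deployment, a non-empty result means the `event_description` enrichment for that stanza would not resolve under the stated assumption.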