olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License
1.12k stars 177 forks

Eval command failing in props.conf #60 - Updated #66

Closed OutpostSecurity closed 3 years ago

OutpostSecurity commented 3 years ago

Updated [XmlWinEventLog:Microsoft-Windows-Sysmon/Operational] to [source::XmlWinEventLog:Microsoft-Windows-Sysmon/Operational] to allow the proper setting of event_id = EventCode

olafhartong commented 3 years ago

Thanks so much Stuart!