olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

[T1086] PowerShell Downloads - WinProcess #89

Closed shahrokhnik closed 2 years ago

shahrokhnik commented 2 years ago

Hello

This report also needs to be edited

<<<<<| eval indextime = _indextime | convert ctime(indextime) | table _time indextime, host, host_fqdnName, Account_Name, New_Process_Name, Process_Command_Line| rename Process_Command_Line as process_command_line, New_Process_Name as process_path, Account_Name as user_name mitre_category mitre_technique mitre_technique_id hunting_trigger>>>>>

must be changed to:

| eval indextime = _indextime | convert ctime(indextime) | table _time, indextime, host, host_fqdnName, Account_Name, New_Process_Name, Process_Command_Line, mitre_category, mitre_technique, mitre_technique_id, hunting_trigger | rename Process_Command_Line as process_command_line, New_Process_Name as process_path, Account_Name as user_name
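The defect reported above is a `rename` stage that trails off into bare field names with no `as` clause, so Splunk rejects the search. The same mistake is easy to make in any app with dozens of saved hunts, so here is a small linter (an added example, not code from the ThreatHunting app or from the issue author) that splits an SPL pipeline on top-level pipes and checks every `rename` stage for tokens that are not part of a `field as newname` pair. The `BROKEN` and `FIXED` strings are the two searches from this issue, embedded inline as constructed input; `split_stages`, `lint_rename` and `lint_pipeline` are hypothetical helper names.

```python
"""Lint SPL pipelines for malformed `rename` stages (added example, not app code)."""
import re

# Constructed input: the search as reported in the issue (broken rename stage).
BROKEN = (
    "| eval indextime = _indextime | convert ctime(indextime) "
    "| table _time indextime, host, host_fqdnName, Account_Name, New_Process_Name, Process_Command_Line"
    "| rename Process_Command_Line as process_command_line, New_Process_Name as process_path, "
    "Account_Name as user_name mitre_category mitre_technique mitre_technique_id hunting_trigger"
)

# Constructed input: the corrected search (mitre_* fields moved into `table`).
FIXED = (
    "| eval indextime = _indextime | convert ctime(indextime) "
    "| table _time, indextime, host, host_fqdnName, Account_Name, New_Process_Name, Process_Command_Line, "
    "mitre_category, mitre_technique, mitre_technique_id, hunting_trigger "
    "| rename Process_Command_Line as process_command_line, New_Process_Name as process_path, "
    "Account_Name as user_name"
)


def split_stages(spl):
    """Split a pipeline on top-level '|', leaving pipes inside quoted strings alone."""
    stages, buf, quote = [], [], None
    for ch in spl:
        if quote:                      # inside a quoted literal: copy verbatim
            buf.append(ch)
            if ch == quote:
                quote = None
        elif ch in "\"'":              # opening quote
            quote = ch
            buf.append(ch)
        elif ch == "|":                # stage boundary
            stages.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    stages.append("".join(buf).strip())
    return [s for s in stages if s]    # drop the empty stage before a leading '|'


def lint_rename(stage):
    """Return the stray tokens in a `rename` stage; an empty list means it is well formed.

    Valid arguments are `old as new` triples (comma or whitespace separated, `as`
    case-insensitive). Any token that does not belong to such a triple is reported.
    """
    parts = stage.split(None, 1)
    args = parts[1] if len(parts) == 2 else ""
    tokens = [t for t in re.split(r"[\s,]+", args) if t]
    stray, i = [], 0
    while i < len(tokens):
        triple = tokens[i:i + 3]
        if len(triple) == 3 and triple[1].lower() == "as":
            i += 3                     # a proper `old as new` pair
        else:
            stray.append(tokens[i])    # token with no `as` clause
            i += 1
    return stray


def lint_pipeline(spl):
    """Map stage index -> stray tokens for every malformed `rename` stage in a pipeline."""
    findings = {}
    for idx, stage in enumerate(split_stages(spl)):
        if stage.split(None, 1)[0].lower() == "rename":
            stray = lint_rename(stage)
            if stray:
                findings[idx] = stray
    return findings


if __name__ == "__main__":
    for label, search in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label, lint_pipeline(search) or "ok")
```

Running it over the two searches flags stage 3 of the broken one with the four mitre/hunting fields and reports the corrected one as clean; pointing `lint_pipeline` at every search in a saved-searches file catches the same class of mistake before the app ships.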

olafhartong commented 2 years ago

fixed that, thanks!