Removing from whitelist deletes whole whitelist.csv

olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

MIT License

1.14k stars 178 forks source link

Removing from whitelist deletes whole whitelist.csv #93

Closed 0x2e8b closed 2 years ago

0x2e8b commented 2 years ago

Adding to the whitelist works just flawless, but when I try to remove any record it deletes everything from that particular csv I'm using. gif Here I filled it with bogus data, but it does the same thing with real ones too, with or withour using wildcards. version 1.5.0

0x2e8b commented 2 years ago

I found the cause, pull request sent https://github.com/olafhartong/ThreatHunting/pull/94

olafhartong commented 2 years ago

Thanks for this! Closing with your fix

dstaulcu commented 2 years ago

Thanks for closing so many PRs today. Did Florian's Twitter post about his GitHub bullying tactic get under your skin? Jokes aside, Looking forward to keeping you busy with this project as I progress from process create tuning phase to focus on other event types.