olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

Update requirements.csv #98

Closed dstaulcu closed 2 years ago

dstaulcu commented 2 years ago

suggested change to address issue #97

dstaulcu commented 2 years ago

actually --- hold up. hash_sha256 is missing with only the mainstream sysmon app deployed... investigating

False alarm on hash_sha256. Production environment had custom transform for Sysmon source key which undermined transform attempts by ThreatHunting when source/sourcetype did not have expected values from Splunk_TA_Windows 5+.
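The failure mode in the comment above (a hash field that never appears because the field extraction is scoped to a source/sourcetype the events no longer carry) is easy to misread as "Sysmon is not computing SHA256". The following is an added example, not code from the ThreatHunting app or from this thread: a small Python diagnostic that models a scoped extraction of Sysmon's `Hashes` value into `hash_md5`/`hash_sha256`/... fields and reports which of the three causes applies. The expected source and sourcetype values, the field naming, and the sample events are assumptions constructed for this example; substitute the values your own `props.conf`/`transforms.conf` stanzas match on.

```python
"""Diagnose why hash_sha256 is absent on Sysmon events in Splunk.

Example code added to this page; it is not part of the ThreatHunting app.
It mimics a field extraction that is scoped (as a props/transforms stanza
would be) to a specific source/sourcetype, so that events whose metadata was
rewritten by another transform never receive the extracted fields.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List

# ASSUMPTION: the source/sourcetype the extraction is scoped to. These are the
# values XML-format Sysmon inputs commonly produce; adjust to your own stanzas.
EXPECTED_SOURCE = "XmlWinEventLog:Microsoft-Windows-Sysmon/Operational"
EXPECTED_SOURCETYPES = {"XmlWinEventLog", EXPECTED_SOURCE}

# Sysmon writes its Hashes field as "SHA1=...,MD5=...,SHA256=...,IMPHASH=...";
# which algorithms appear depends on the HashAlgorithms setting in the Sysmon
# configuration, so SHA256 may legitimately be absent.
_HASH_RE = re.compile(r"(?P<alg>[A-Z0-9]+)=(?P<val>[0-9A-Fa-f]+)")


def parse_hashes(hashes: str) -> Dict[str, str]:
    """Split a Sysmon Hashes value into hash_<algorithm> fields, e.g. hash_sha256."""
    return {
        f"hash_{m.group('alg').lower()}": m.group("val").lower()
        for m in _HASH_RE.finditer(hashes)
    }


def scoped_extraction(event: Dict[str, str]) -> Dict[str, str]:
    """Apply the extraction only when source and sourcetype match the stanza.

    This is the behaviour that bit the reporter: a custom transform had changed
    the source, so the scoped extraction silently did nothing.
    """
    if event.get("source") != EXPECTED_SOURCE:
        return {}
    if event.get("sourcetype") not in EXPECTED_SOURCETYPES:
        return {}
    return parse_hashes(event.get("Hashes", ""))


def diagnose(event: Dict[str, str]) -> str:
    """Return one of: ok, source_sourcetype_mismatch, no_hashes_in_event,
    sha256_not_in_sysmon_config."""
    if (event.get("source") != EXPECTED_SOURCE
            or event.get("sourcetype") not in EXPECTED_SOURCETYPES):
        return "source_sourcetype_mismatch"      # extraction never fires
    if "Hashes" not in event:
        return "no_hashes_in_event"              # e.g. not a process-create event
    if "hash_sha256" not in scoped_extraction(event):
        return "sha256_not_in_sysmon_config"     # extraction fired, SHA256 absent
    return "ok"


def audit(events: Iterable[Dict[str, str]]) -> Counter:
    """Count diagnoses over a batch of events; a large mismatch count points at
    a competing transform rather than at the Sysmon configuration."""
    return Counter(diagnose(e) for e in events)


# Constructed sample events (hash values are obviously fake placeholders).
_SHA256 = "ab" * 32
_MD5 = "cd" * 16
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # 1. Healthy: expected metadata, Sysmon configured with SHA256.
    {"source": EXPECTED_SOURCE, "sourcetype": "XmlWinEventLog",
     "Hashes": f"MD5={_MD5},SHA256={_SHA256}"},
    # 2. The thread's case: a custom transform rewrote the source, so the
    #    scoped extraction never runs even though the raw data has SHA256.
    {"source": "WinEventLog:Microsoft-Windows-Sysmon/Operational",
     "sourcetype": "WinEventLog", "Hashes": f"MD5={_MD5},SHA256={_SHA256}"},
    # 3. Metadata fine, but Sysmon was configured for MD5 only.
    {"source": EXPECTED_SOURCE, "sourcetype": "XmlWinEventLog",
     "Hashes": f"MD5={_MD5}"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["source"], "->", diagnose(ev))
    print(dict(audit(SAMPLE_EVENTS)))
```

Running the script prints one diagnosis per sample event and a summary count. In a live Splunk environment the equivalent check is to compare counts of events with and without `hash_sha256` grouped by `source` and `sourcetype`: if the field is missing only for metadata values the extraction stanza does not match, the problem is the competing transform, not Sysmon.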

olafhartong commented 2 years ago

thanks for your support!