Closed dstaulcu closed 2 years ago
Actually --- hold up. hash_sha256 is missing with only the mainstream Sysmon app deployed... investigating.
False alarm on hash_sha256. The production environment had a custom transform for the Sysmon source key, which undermined the transform attempts by ThreatHunting when source/sourcetype did not have the values expected from Splunk_TA_Windows 5+.
Thanks for your support!
suggested change to address issue #97