olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

mitre_technique_id not extracting consistently in whitelist management dashboards #99

Closed dstaulcu closed 2 years ago

dstaulcu commented 2 years ago

ID field extraction capture groups overshoot in two cases:

  1. where value to extract is not at end of line
  2. where text of value to extract is urlencoded

Easy to fix through use of the urldecode command and with changes in filtering and extraction strategy.

Pull request to follow...
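The two overshoot cases and the decode-then-bounded-extraction fix, shown here as an added Python illustration rather than the app's own SPL or regex. The original dashboard pattern is not on the page, so the "loose" and "tight" patterns and the sample strings below are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample values: a mitre_technique_id carried inside a larger
# field the way a whitelist entry might. The third one is urlencoded.
SAMPLES = [
    "mitre_technique_id=T1059.001",                   # value at end of line
    "mitre_technique_id=T1059.001 host=ws01",         # case 1: not at end of line
    "mitre_technique_id=T1059%2E001%20host%3Dws01",   # case 2: urlencoded
]

# Hypothetical stand-in for a capture group that runs to end of line.
LOOSE = re.compile(r"mitre_technique_id=(?P<id>.*)")

# Bounded pattern: a technique ID is Txxxx with an optional .yyy sub-technique,
# and must be followed by whitespace or end of string, never by more text.
TIGHT = re.compile(r"mitre_technique_id=(?P<id>T\d{4}(?:\.\d{3})?)(?!\S)")


def extract_loose(text):
    """Greedy extraction: overshoots whenever anything follows the ID."""
    m = LOOSE.search(text)
    return m.group("id") if m else None


def extract_tight_no_decode(text):
    """Bounded pattern alone: correct for case 1, but misses urlencoded input."""
    m = TIGHT.search(text)
    return m.group("id") if m else None


def extract_fixed(text):
    """Decode first (the urldecode step), then apply the bounded pattern."""
    m = TIGHT.search(unquote(text))
    return m.group("id") if m else None


if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s))
        print("  loose:", extract_loose(s))
        print("  tight:", extract_tight_no_decode(s))
        print("  fixed:", extract_fixed(s))
```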

olafhartong commented 2 years ago

fixed by your own PR :) thanks