Open CometCom1 opened 4 years ago
Getting this error when executing against my lab.
At C:\Users\administrator.DUDE\Documents\DocumentCMCB-1.ps1:6374 char:41
+ ... $EDMValue = ($EDM.EnhancedDetectionMethod.Rule.Expression ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At C:\Users\administrator.DUDE\Documents\DocumentCMCB-1.ps1:6372 char:41
+ ... $EDMProperty = ($EDM.EnhancedDetectionMethod.Rule.Express ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
So, looks like there is a bug there.
Also, looks like it doesn't handle multiple registry entries in the detection either. I have some lab deployments that are writing Objects to the documentation for the detection methods like below. These each have 2 reg values in the detection.
•Using Simple Registry detection method.
•Simple Hive: System.Object[]
•Simple Key : System.Object[]
•Property : System.Object[]
•System.Object[] And 19.00.00.0
Thanks.
I knew that I didn't do the multiple detection methods. My customer simply doesn't use these at present, and my own LAB environment isn't fully set up yet. So every development has been done on a live environment at my client.
I'd assume the errors thrown are due to multiple detections, which would make good sense; on the other hand, it could be anything.
I will work on a LAB environment to include multiple detection methods, being of various mixed types, and then make the appropriate changes.
TODO: Multiple detection methods and their logical relation.
TODO: Investigate errors thrown @ 6372 and 6374
I'll get cracking on a solution a.s.a.p.
Testing new code on live system @ Client (1910 w HotFix), running on Windows 2012R2 with external SQL database.
TODO: Would like to make changes to the detection display, to enable detection and rules to be shown in tables.
Added enhanced detection methods.
Added a little additional application usage.
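An added example, not part of the thread and not the script's own code: a sketch of documenting a detection rule that has more than one clause, emitting one row per clause instead of an array. It assumes (the thread does not confirm this) that multi-clause rules nest `Expression` elements under `Operands`; the XML is constructed and simplified, with no namespaces, and `Get-DetectionClause` is a hypothetical name.

```powershell
# Constructed, simplified sample (no XML namespaces; not real ConfigMgr output):
# one rule whose top-level "And" expression combines two registry clauses.
[xml]$EDM = @'
<EnhancedDetectionMethod>
  <Rule>
    <Expression>
      <Operator>And</Operator>
      <Operands>
        <Expression>
          <Operator>Equals</Operator>
          <Operands>
            <SettingReference SettingLogicalName="RegSetting_A" />
            <ConstantValue Value="19.00.00.0" />
          </Operands>
        </Expression>
        <Expression>
          <Operator>Equals</Operator>
          <Operands>
            <SettingReference SettingLogicalName="RegSetting_B" />
            <ConstantValue Value="1" />
          </Operands>
        </Expression>
      </Operands>
    </Expression>
  </Rule>
</EnhancedDetectionMethod>
'@

# Hypothetical helper: recurse through nested expressions, one object per leaf clause.
function Get-DetectionClause {
    param([System.Xml.XmlElement]$Expression, [string]$JoinedBy = '')
    if ($null -eq $Expression) { return }   # nothing to document, so no method call on $null
    $nested = @($Expression.Operands.ChildNodes | Where-Object { $_.LocalName -eq 'Expression' })
    if ($nested.Count -gt 0) {
        foreach ($child in $nested) { Get-DetectionClause -Expression $child -JoinedBy $Expression.Operator }
        return
    }
    $ref   = $Expression.Operands.SettingReference   # property access tolerates a missing operand
    $const = $Expression.Operands.ConstantValue
    [pscustomobject]@{
        Setting  = $ref.SettingLogicalName
        Operator = $Expression.Operator
        Value    = if ($const) { $const.GetAttribute('Value') }   # guard the method call
        JoinedBy = $JoinedBy
    }
}

@($EDM.EnhancedDetectionMethod.Rule.Expression) | ForEach-Object { Get-DetectionClause -Expression $_ } | Format-Table -AutoSize
```

Real application XML carries namespaces, which is why the helper filters on `LocalName` rather than using un-prefixed XPath.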