Artifact Filtering -> ES event list not in Sync with Subscribed events

redcanaryco / mac-monitor

Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.

938 stars 46 forks source link

Artifact Filtering -> ES event list not in Sync with Subscribed events #5

Closed theevilbit closed 1 year ago

theevilbit commented 1 year ago

Describe the bug When I subscribe to a new event, it should appear under Artifact Filtering -> ES events, but it only appears if I disable/enable it.

Expected behavior See above

To Reproduce Steps to reproduce the behavior:

Enable artifact filtering
Subscribe to a new event in Settings
The new event won't appear in Artifact Filtering -> ES events

Platform specifics (please complete the following information):

macOS version 13.3.1
Architecture Intel
- Version 1.0.1 (1)

Brandon7CC commented 1 year ago

100% correct! I've found myself doing similar things during analysis. Should be an easier add!

Brandon7CC commented 1 year ago

Fixed in v1.0.3 thank you @theevilbit! Please note that when you unsubscribe from an even that event will not be removed from the filter set because it led to a strange user experience