Hello, I would like to know which step I did wrong that caused Dashboards to not see the data flow. I have made the changes to Windows-Security-Content-Pack.json as you mentioned, but I’m unsure where the error might be. If my server name is DC, should I modify it to just DC or should I modify it to (nameDC OR name2 OR name3)?
If you have only one domain controller, replace NOT source: (DC OR name2 OR name3) with NOT source: DC
The OR condition is only for when you have multiple domain controllers in your infrastructure.