0xC0FFEEEE

Results 14 comments of 0xC0FFEEEE

Hey @P4T12ICK I picked up on this flaw and it looks like the TA does now normalize 4732. This is the updated rule that I've come up with that appears...

Thanks @josehelps I think the score is even. I've had to further update the filter with the following as the CIM datamodel is inconsistent between Sysmon and the Security Channel:...

I believe this has always been the case, our Obs team has been trying to get to the bottom of this since the integration was originally set up and have...

I've identified another issue which is impacting the ability to perform field extractions and normalization. Similar to #325. This could be due to the events being sent to the incorrect...

Updated to use `YmlReader` and `YmlWriter`, do some cleanup of imports and add some useful console output.

@ljstella @pyth0n1c Thanks for your responses. Admittedly I haven't tried again since V3.something where this wasn't the case. I agree that there would be unnecessary clutter by creating the filter...

Thanks @MarioHewardt, I'll get them to run it over the weekend and will report back.

Here's the log as promised. With my rudimentary knowledge it looks like it's just the cache again and is not necessarily a memory leak. If that is the case, would...

Attempting to implement this in #397

Just thinking aloud, it would be neat if there was an option to add the search as a drilldown by default with a feature flag or a config stanza. This...