sigma icon indicating copy to clipboard operation
sigma copied to clipboard

Published 20 hours ago verified publisher icon SigmaHQ

fix capitalization of user directory

Open r1d3th3wav3s opened this issue 3 years ago • 1 comments

Tested this rule with Win10 logs and only worked with capital users directory

r1d3th3wav3s avatar Jan 03 '22 15:01 r1d3th3wav3s

This is a backend problem. I guess that you've indexed your data case-sensitive in an ElasticSearch, am I right?

Neo23x0 avatar Feb 03 '22 21:02 Neo23x0

SIgma is case insensitive for the data , It is a a elastic keyword vs text field trouble

frack113 avatar Dec 06 '22 09:12 frack113