Andrew T

Results 5 comments of Andrew T

Cisco ISE - Hunting Queries generates E_RUNAWAY_QUERY error

Thanks @v-utpalkumar I did some further testing by modifying the query in CiscoISEEvent to not try and reconstruct the multi-part message, and that does fix the performance issues, however it...

Update ASimAuditEvent parsers to improve Scheduled Task Event Parsing

@microsoft-github-policy-service agree

Update ASimAuditEvent parsers to improve Scheduled Task Event Parsing

Hi @v-atulyadav I will look to generate some sample data that covers off the scheduled task related event IDs and will add to the PR. As for the replace_strings error,...

Update ASimAuditEvent parsers to improve Scheduled Task Event Parsing

Hi @v-atulyadav I am having problems generating sample logs to match the existing Microsoft_Windows_AuditEvent_SecurityEvent_IngestedLogs.csv in the Sample data directory. It seems the columns may have changed since the sample data...

test ASimAuditEvent

Hi @oshezaf I am the customer that run into these issues while trying to use ASimAuditEvent to develop an analytic rule, and raised the PR with what is really a...