Mauricio Santillan
Hello team, I received some Crowdstrike log samples.
Hello team! Based on the log samples we have and on these documents:

- https://help.sumologic.com/07Sumo-Logic-Apps/22Security_and_Threat_Detection/CrowdStrike_Falcon_Endpoint_Protection/Collect_logs_for_the_CrowdStrike_Falcon_Endpoint_Protection_App
- https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-crowdstrike.html

I've created the following ruleset:

```xml
json \.+ \.+ \.+ \.+ \.+ Crowdstrike...
```
I've just updated [this comment](https://github.com/wazuh/wazuh/issues/8129#issuecomment-997102106) to update the rules with recent improvements.