Andreas Misje
I would very much like to stack on booleans, but it appears that sorting is broken for boolean values. Here is a very simple query. The raw response JSON follows,...
When the argv parameter is missing from `execve()`, VQL should report an error. The current log message has an unspecified level.
`timestamp(epoch=0)` (where 0 is coming from VQL) results in something like "0001-01-01T00:53:28+00:53". Although this is obviously an invalid timestamp, it still steals a non-significant time from the analyst scanning cells....
If a table is large and cannot fit, the new compact/expand buttons are placed with a huge offset once the table is scrolled horizontally. This is hard to screenshot: ...
From the artifact description: > Send an e-mail when a client flow (with artifacts of interest) has finished. > Cancelled collections and collections with artifacts that do not satisfy >...
After writing a lot of artifacts querying REST APIs (to be released), I have found the need for a helper method that does the following: - Handle login to APIs...