Sébastien Damaye
Sébastien Damaye
Below is the updated version of `./default/data/ui/views/dns_whitelist.xml ` ``` DNS whitelist editor host_fqdn process_path query_name mitre_technique_id reason CHANGEME Mode Add Remove add Today's Entries | makeresults | eval input_host_fqdn =...
Maybe better to remove the `mitre_technique_id` field from the macro directly, as I don't see it used in the view. Modified macro would be: ``` [dns_whitelist] definition = lookup dns_whitelist...
Patch to apply to `default/data/ui/views/file_create_whitelist.xml` to fix the issue: ``` @@ -48,6 +48,7 @@ Today's Entries | makeresults +| eval input_host_fqdn = COALESCE(if(trim("$host_fqdn$")="", "*", trim("$host_fqdn$")), "*") | eval input_mitre_technique_id =...
@Suirand1 I applied the patch on the latest release (1.4.92) and it's working fine. Just make sure you restart Splunk once you have applied the patch. 
@olafhartong I take this opportunity to confirm that the latest release (1.4.92) is still suffering from this bug :)