Dave McCormack
> I tried to implement the suggestion from @davemcincork in [#3254 (comment)](https://github.com/microsoft/STL/issues/3254#issuecomment-1991532148). > > ```diff > diff --git a/stl/src/syserror_import_lib.cpp b/stl/src/syserror_import_lib.cpp > index e2f2d2b7..a70424ba 100644 > --- a/stl/src/syserror_import_lib.cpp > +++ b/stl/src/syserror_import_lib.cpp...
> > I _think_ your proposal will leak. As in my suggestion, you're calling `FormatMessageA` with the `FORMAT_MESSAGE_ALLOCATE_BUFFER` flag, which causes it to allocate the buffer. But unlike my suggestion, you...
> > I was referring to what happens in the case where the API call succeeds. > > I believe that freeing should be done by the call site with...
I'm re-opening this issue for re-consideration. I've recently been doing some work in our product using the `network_interface` object, and have become aware of something that I think strengthens the...
@jonrau-at-queryai - Yes, I will create a `script` object to hold all the script-related stuff. This will enable scripts to be referenced in other parts of the schema too, e.g....
I didn't see this issue before. [T1543.003](https://attack.mitre.org/techniques/T1543/003/) ("Create or Modify System Process: Windows Service") is one of the most commonly used sub-techniques for achieving the Persistence and Privilege Escalation tactics...
A few thoughts from me on this proposal... > Paul: One obvious approach is to use the Detection Finding class, however it isn't appropriate for all types of detections: it...
Regarding `action_id` and `disposition_id`, I wasn't aware of the significance of the `No Action` value for the latter. That does make the `Security` profile more suitable for use in non-enforcing...