wrong sourcetypes for some datasets

Open pong-rearc opened this issue 1 year ago • 0 comments

E.g. datasets/suspicious_behaviour/crowdstrike_stream/admin_weak_password_policy/admin_weak_password_policy.yml

is marked with sourcetypes:

  • 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'

It should be crowdstrike:identities.

There are others besides this example. All the ones I found so far are in the crowdstrike stream folder, so I'm not sure if other datasets are affected.

pong-rearc, Jan 17 '25 18:01
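
A sketch of how the mislabel reported above could be checked across a dataset tree; this is an added example, not code from the issue or from the attack_data project. It assumes each dataset `.yml` carries a `sourcetypes:` list as quoted in the issue and that everything under `crowdstrike_stream` should be `crowdstrike:identities`; `EXPECTED`, `read_sourcetypes`, `find_mismatches` and `build_sample` are hypothetical names, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption (not the project's mapping): crowdstrike_stream datasets use this sourcetype.
EXPECTED = {"crowdstrike_stream": "crowdstrike:identities"}
ITEM = re.compile(r"^\s*-\s+(.*\S)\s*$")

def read_sourcetypes(text):
    """Collect values of every `sourcetypes:` key (block list, flow list or scalar)."""
    found, in_list = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("sourcetypes:"):
            inline = stripped.split(":", 1)[1].strip()
            found += [v.strip(" '\"") for v in inline.strip("[]").split(",") if v.strip()]
            in_list = not inline
        elif in_list and ITEM.match(line):
            found.append(ITEM.match(line).group(1).strip("'\""))
        elif stripped and not stripped.startswith("#"):
            in_list = False  # any other key ends the list
    return found

def find_mismatches(root):
    """Return (relative path, sourcetype) pairs that disagree with EXPECTED."""
    hits = []
    for path in sorted(Path(root).rglob("*.yml")):
        expected = next((v for k, v in EXPECTED.items() if k in path.parts), None)
        if expected:  # folders with no recorded expectation are skipped
            rel = path.relative_to(root).as_posix()
            found = read_sourcetypes(path.read_text(encoding="utf-8"))
            hits += [(rel, st) for st in found if st != expected]
    return hits

def build_sample(root):
    """Write a constructed dataset tree; only the first path and label are from the issue."""
    sysmon, base = "XmlWinEventLog:Microsoft-Windows-Sysmon/Operational", "datasets/suspicious_behaviour/"
    files = {
        base + "crowdstrike_stream/admin_weak_password_policy/admin_weak_password_policy.yml": sysmon,
        base + "crowdstrike_stream/constructed_ok/constructed_ok.yml": "crowdstrike:identities",
        base + "constructed_sysmon/constructed_sysmon.yml": sysmon,
    }
    for rel, st in files.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(f"author: constructed\nsourcetypes:\n  - '{st}'\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(find_mismatches(tmp))
```

A sourcetype label that disagrees with the data's real origin matters when the dataset is replayed for detection testing, since searches scoped to the correct sourcetype would not see the events.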