fixing sophos detections

WithSecureLabs · Jan 7, 2022 · c553d5e · c553d5e
1 parent f4b8b0a
commit c553d5e
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/hunt/modules.rs b/src/hunt/modules.rs
@@ -579,7 +579,7 @@ pub fn detect_sophos_detections(
     let threat_type;
 
     // Sophos puts the relevant data in a Vec. Here we locate it and extract the key fields
-    if let Some(threat_data) = ajson::get(&event.to_string(), "Event.EventData.Data.#text") {
+    if let Some(threat_data) = ajson::get(&event.to_string(), "Event.EventData.Data") {
         threat_type = match threat_data.to_vec().get(0) {
             Some(a) => a.clone(),
             None => return None,