Referencing the issues raised in the PR by @lostInSpaceSomewhere from the Azure Sentinel GitHub. Since we are generating the parser from an automated script, it makes sense to update the original template to get those changes into the script.
Formatting fixes: added line breaks in each project list of fields so the parser looks legible.
Update Hashes like below in the related event IDs where the Hashes field is available.
| extend Hashes = extract_all(@"(?P<key>\w+)=(?P<value>[a-zA-Z0-9]+)", dynamic(["key","value"]), tostring(EventDetail.[17].["#text"]))
Update all of the union section from line 515 till the end. The changes are additional fields in project.
Hi @Cyb3rWard0g
PR: Azure/Azure-Sentinel#1754
Summary of changes required in original template:
| extend Hashes = extract_all(@"(?P<key>\w+)=(?P<value>[a-zA-Z0-9]+)", dynamic(["key","value"]), tostring(EventDetail.[17].["#text"]))