Dear all,
I created a lot of event filters in Security -> Event Filter for the Elastic Endpoint Agent, but it's still impossible to use regular expressions to exclude events (except for file.path.text).
Do you have any idea how to create a regex event filter for the registry path field (for example)? If you have some examples, I'm really interested.
Thanks for your help.
Hi @Axel_zendata! Thank you for reaching out here. You are correct that the regex wildcards are only available for the file path in the event filters currently. I've spoken with the team that manages this functionality and they plan on adding it to their roadmap as an enhancement to the event filters.
Hi @Michael_Olorunnisola, great news, thanks for your answer.