Event filter for Elastic Agent and Endpoint Security

Dear all,

I created a lot of event filters in Security -> Event Filter for the Elastic Endpoint Agent, but it's still impossible to use regular expressions to exclude events (except for file.path.text).

Do you have an idea how to create a regex event filter for the registry path field (for example)? If you have some examples, I'm really interested.

Thanks for your help

Hi @Axel_zendata ! Thank you for reaching out here. You are correct that the regex wildcards are only available for the file path in the event filters currently. I've spoken with the team that manages this functionality and they plan on adding it to their roadmap as an enhancement to the event filters.

Hi @Michael_Olorunnisola, great news, thanks for your answer.
