I created a lot of event filters in Security -> Event Filter for the Elastic Endpoint Agent, but it's still impossible to use regular expressions to exclude events (except for file.path.text).
Do you have an idea how to create a regex event filter for the registry path field (for example)? If you have some examples, I'm really interested.
Hi @Axel_zendata! Thank you for reaching out here. You are correct that the regex wildcards are only available for the file path in the event filters currently. I've spoken with the team that manages this functionality, and they plan on adding it to their roadmap as an enhancement to the event filters.