Event Filters & Wildcards

According to the docs, it sounds like the only way to use wildcards is with matches and file.path.text?

So is using is with an asterisk at the beginning or end going to interpret that as a literal asterisk?


Hi @DefensiveDepth
I changed the categories of the topic; the document you reference and the topic are related to Elastic Security Solution. Let's see if anyone responds (unfortunately not my expertise).

@DefensiveDepth your understanding is correct. * is interpreted as a literal asterisk by is.

I've raised this internally, I'm not sure if we'll be able to allow matches on all fields or not but we're looking into it.

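To make the distinction concrete, here is an added example (not Elastic's code and not from any post in this thread) that evaluates event-filter entries against a sample event the way the answer above describes: the "is" operator (entry type match) compares the whole value literally, so an asterisk is just another character, while only the "matches" operator (entry type wildcard, used with file.path.text) treats * as a glob. The entry shape (field, operator, type, value) mirrors Kibana exception-list entries; the evaluator itself, the function names, and the sample event are assumptions constructed for illustration, not Endpoint's real matching logic.

```python
import re

# Constructed sample event, roughly in Elastic Endpoint's ECS layout.
SAMPLE_EVENT = {
    "event": {"category": ["file"]},
    "process": {"name": "svchost.exe"},
    "file": {"path": "C:\\Windows\\Temp\\report.tmp"},
}

# UI "is" -> type "match": the asterisk here is a literal character, so this
# entry will NOT match anything under C:\Windows\Temp\.
LITERAL_ENTRY = {
    "field": "file.path",
    "operator": "included",
    "type": "match",
    "value": "C:\\Windows\\Temp\\*",
}

# UI "matches" -> type "wildcard" on the .text multi-field: here '*' globs.
WILDCARD_ENTRY = {
    "field": "file.path.text",
    "operator": "included",
    "type": "wildcard",
    "value": "C:\\Windows\\Temp\\*",
}


def _get_field(event, field):
    """Resolve a dotted field name against a nested dict.

    The '.text' suffix names an analyzed multi-field of the same value in the
    Endpoint mapping, so this toy reads the underlying field (an assumption).
    """
    if field.endswith(".text"):
        field = field[: -len(".text")]
    cur = event
    for part in field.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _wildcard_regex(pattern):
    """Translate a glob to an anchored regex: '*' = any run, '?' = one char.

    Everything else, backslashes included, is escaped and matched literally.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.DOTALL)


def entry_matches(entry, event):
    """Evaluate one entry; 'excluded' inverts the comparison ("is not")."""
    value = _get_field(event, entry["field"])
    kind = entry["type"]
    if value is None:
        hit = False
    elif kind == "match":        # UI "is": exact string comparison
        hit = value == entry["value"]
    elif kind == "match_any":    # UI "is one of"
        hit = value in entry["value"]
    elif kind == "wildcard":     # UI "matches": the only place '*' is a glob
        hit = _wildcard_regex(entry["value"]).match(value) is not None
    else:
        raise ValueError(f"unsupported entry type: {kind}")
    return hit if entry["operator"] == "included" else not hit


def filter_matches(entries, event):
    """A filter fires only when every entry matches (entries are ANDed)."""
    return all(entry_matches(e, event) for e in entries)


if __name__ == "__main__":
    print("is   with '*':", entry_matches(LITERAL_ENTRY, SAMPLE_EVENT))   # False
    print("matches '*' :", entry_matches(WILDCARD_ENTRY, SAMPLE_EVENT))   # True
```

Running the block shows the literal entry failing and the wildcard entry matching the same path; the literal entry would only match an event whose file.path is exactly C:\Windows\Temp\* with a real asterisk in the name. Pairing a wildcard entry with an excluded entry on process.name (an "is not") is how include-and-exclude style filtering can be approximated with the operators available today.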

Thanks @ferullo for responding. I would like to submit some feedback / a feature request for this functionality (would love to see it more flexible, with both Include & Exclude, like what Sysmon supports).

Where would be the best place to submit this?

Can you open a new issue in the Kibana repo describing what you want? If you tag me (@ferullo) I'll make sure it's seen by the right people.

Done: Feature Request: Additional Filtering Options for Elastic Defend · Issue #168478 · elastic/kibana · GitHub

