Event Filters & Wildcards

DefensiveDepth · September 18, 2023, 8:18pm

According to the docs, it sounds like the only way to use wildcards is with matches and file.path.text ?

So using is with an asterisk at the beginning or end going to interpret that as a literal asterisk?

DefensiveDepth · September 25, 2023, 7:51pm

Bump!

stephenb · September 26, 2023, 2:39am

Hi @DefensiveDepth
I changed the categories to the topic, the document you reference, and the topic is related to Elastic Security Solution let's see if anyone responds (unfortunately not my expertise)

ferullo · September 27, 2023, 2:25pm

@DefensiveDepth your understanding is correct. * is interpreted as a literal asterisk by is.

I've raised this internally, I'm not sure if we'll be able to allow matches on all fields or not but we're looking into it.

DefensiveDepth · September 27, 2023, 3:16pm

Thanks @ferullo for responding. I would like to submit some feedback / feature request for this functionally (Would love to see it more flexible, with both Include & Exclude, like what Sysmon supports)

Where would be the best place to submit this?

ferullo · September 27, 2023, 4:02pm

Can you open a new issue in the Kibana repo describing what you want? If you tag me (@ferullo) I'll make sure it's seen by the right people.

DefensiveDepth · October 10, 2023, 2:09pm

Done: Feature Request: Additional Filtering Options for Elastic Defend · Issue #168478 · elastic/kibana · GitHub

system · November 7, 2023, 2:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.