Exceptions matches escaping

We've encountered this rather annoying problem when writing exceptions the documentation on Add and manage exceptions states following:

Some characters must be escaped with a backslash, such as \\ for a literal backslash, \* for an asterisk, and \? for a question mark. Windows paths must be divided with double backslashes (for example, C:\\Windows\\explorer.exe ), and paths that already include double backslashes might require four backslashes for each divider.

Would it be possible, to provide a list of characters that require escaping? Currently we're stuck with trial and error approach which can be very annoying for people managing the SIEM. Or at least an explanation on how these work under the hood would be nice since this interface for exceptions is different from others and there is no way how to inspect the request it makes.

Hello @j91321

Can you please let us know in more details what issues have you experienced during setup of exceptions?

Thank you

Hi,

yes we mainly struggled with characters that can occur in filenames or paths. Especially: \ ? *

The problem is, because of the vagueness of the documentation it can be sometimes difficult to debug. And there is no "Inspect" option, so I can't look at the query that's done in the background.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.