Just a quick question, for 8.7 it is a little unclear in the documentation if "is one of" allows for wildcarding values or if matches is the only way. If matches is the only way, will there be a more efficient way to add a list of values with wildcards in the future.
Hi @emmanuel_lankford
Welcome to the Elastic community!
It only supports matching, no wildcards.
I guess it would depend on your workflow.
"is one of" shows you list of existing value, hence allow to choose which one to ignore.
"is in list" would allow to apply batch of values in one edit
matches | does not match supports wildcard though Add and manage exceptions | Elastic Security Solution [8.8] | Elastic
Thanks, Vitalii
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.