Does anyone know what's causing it?
Hi there, it looks like you are mixing up syntax in that field with KQL syntax. Correct usage would be:
powershell.file.script_block_text : ("MiniDumpWriteDump", "MiniDumpWithFullMemory", "pmuDetirWpmuDiniM")
哈哈,i'm sorry,thank you help me
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.