Hello!
Changes are coming with 3.11, but as an improvement, put this information directly into the mail:
- Source
- Category
- Action
- Host
- Username
- Starred Alert
- Excluded Alert
- Alert ID
- Incident ID
- actor_process_image_path
- actor_process_image_name
- actor_process_command_line
- actor_process_image_sha256
- causality_actor_process_image_path
- causality_actor_process_image_name
- causality_actor_process_command_line
- causality_actor_process_image_sha256
- os_actor_process_image_path
- os_actor_process_image_name
- os_actor_process_command_line
- os_actor_process_image_sha256
If you would like to do it the sexy way, let us choose what we want to see.
BR
Rob