This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question
lukas-lr
Bronze 4
Bronze 4
Since ‎11-14-2023
‎05-27-2024

My Stats

  • 14 Posts
  • 4 Solutions
  • 6 Likes given
  • 6 Likes received

Adam_Roberts's Bio

Badges lukas-lr Earned

View all badges

Recent Activity

Use parser extension to remove field mapping

12-14-2023
Hi everyone,Is there a way to delete a field value by using a parser extension? I want to "move" a value from one UDM field to the other, leaving the UDM field used by the default parser empty. However, I could not find an explicit way to set it to n...

Windows Parsers and Asset Enrichment

12-12-2023
Hi everyone,Does anyone know how the asset enrichment with the parsers for Windows events is supposed to work? I feel like a lot of parser extensions is required to get consistent IDs.We are ingesting Windows events as WINEVTLOG and AD asset data as ...

Use string length in YARA-L rule

12-07-2023
Hi everyone,Is there a way to get the length of a string in YARA-L? For example, I'd like to alert on DNS queries longer than a certain threshold.

Ingesting logs from legacy Dell Storages

11-21-2023
Hi All,We are already ingesting logs from Dell EMC PowerStore (with a custom parser), but there is also a requirement to ingest logs from Dell Compellent/SC Series and Dell EqualLogic - the predecessors of PowerStore, as far as I know.Does anyone hav...

Require new data type for Huawei OceanStor

11-21-2023
Hi all,My client wants to ingest logs from their Huawei OceanStor Pacific appliances, but there is no datatype for this log source as of now. How can I request one? And is there a "generic" data type which I can use to ingest the logs and develop a p...