mjomha
Jun 08, 2022 - Copper Contributor
Data Collection Rules and XPath Queries Issue
Testing out the AMA to create custom filters for certain events. Still new to XPath, so have been testing out some queries I've created. One query doesn't seem to work in Sentinel the way I expect. Even th...
KennethML
Apr 18, 2023 - MCT
You need to enclose the filter in the same brackets. This example will filter the Security event log with EventID=4663 and param1!="ProcessName":
Security!*[System[(EventID=4663 and EventData.Data.param1!="ProcessName")]]
/Kenneth ML
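A way to check a Data Collection Rule filter locally before deploying it, as an added example that is not part of the original posts: it splits the `LogName!XPath` string on the first `!` only (the XPath itself may contain `!=`) and runs the result through `Get-WinEvent -FilterXPath`. The function names are hypothetical, and it assumes an elevated PowerShell session on a Windows host, since reading the Security log requires administrator rights.

```powershell
# Added example (hypothetical helper names): test a DCR-style XPath filter on the local machine.

function Split-DcrXPathQuery {
    param([Parameter(Mandatory)][string]$Query)

    # DCR filters are written as "LogName!XPath". Split on the FIRST '!' only,
    # because the XPath part can contain '!=' comparisons.
    $i = $Query.IndexOf('!')
    if ($i -lt 1 -or $i -eq $Query.Length - 1) {
        throw "Expected 'LogName!XPath', got: $Query"
    }
    [pscustomobject]@{
        LogName = $Query.Substring(0, $i)
        XPath   = $Query.Substring($i + 1)
    }
}

function Test-DcrXPathQuery {
    param(
        [Parameter(Mandatory)][string]$Query,
        [int]$MaxEvents = 5
    )

    $q = Split-DcrXPathQuery -Query $Query
    try {
        $events = @(Get-WinEvent -LogName $q.LogName -FilterXPath $q.XPath `
                                 -MaxEvents $MaxEvents -ErrorAction Stop)
        [pscustomobject]@{ LogName = $q.LogName; XPath = $q.XPath
                           Status = 'Matched'; Count = $events.Count; Detail = $null }
    }
    catch {
        # Get-WinEvent reports an error both when the query is rejected and when a
        # valid query simply has no hits; tell the two apart by the error id.
        $status = if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            'ValidNoMatch'
        } else {
            'Error'
        }
        [pscustomobject]@{ LogName = $q.LogName; XPath = $q.XPath
                           Status = $status; Count = 0; Detail = $_.Exception.Message }
    }
}

# The filter string exactly as posted in the reply above.
Test-DcrXPathQuery -Query 'Security!*[System[(EventID=4663 and EventData.Data.param1!="ProcessName")]]'
```

A `ValidNoMatch` result means the query was accepted but selected nothing on this host, so generate a matching test event and run it again before concluding the filter behaves as intended.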