Feb 16 2024 07:38 AM
Hi,
I'm a security and forensic consultant for my entity.
I'm looking to create a standard qualification query which contains multiple sources.
In fact, I simply want to get a result containing all the events based on my targeted ActionType, with only specific fields.
This query would allow me to contextualize a machine, optimizing the visibility of relevant elements.
I've tried all conditional structures (iif, case, Structural objects...) without success.
I worked with AIs trying to refine my code, without success.
Feb 19 2024 05:41 AM
One of my tries:
"