Hello, has anyone developed a dashboard using a query formatted in YARA-L? I'm looking to develop a dashboard to visualise the dropped-log count for each log type.
Who can help, please?
This query should get you what you're looking for.
ingestion.log_type != ""
$log_type = ingestion.log_type

match:
  $log_type

outcome:
  $drop_count = sum(ingestion.drop_count)

order:
  $drop_count desc
-mike
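As an added example that is not part of the thread, here is the same aggregation the query performs (group by log_type, sum drop_count, order descending) run in Python over constructed ingestion-metric rows, with a drop-ratio check added so a small feed that is mostly being dropped is not hidden behind large, healthy sources. The field names log_type and drop_count follow the query; log_count is an assumed companion field and the log-type labels are constructed sample values.

```python
# Added example, not from the original thread: mirrors the YARA-L query's
# filter / match / outcome / order sections over constructed records and adds
# a drop-ratio flag. log_count is an assumed field; log types are sample values.
from collections import defaultdict

# Constructed sample rows standing in for ingestion-metric records.
SAMPLE_METRICS = [
    {"log_type": "WINEVTLOG", "log_count": 12000, "drop_count": 120},
    {"log_type": "WINEVTLOG", "log_count": 11000, "drop_count": 90},
    {"log_type": "CS_EDR", "log_count": 8000, "drop_count": 0},
    {"log_type": "PAN_FIREWALL", "log_count": 500, "drop_count": 450},
    {"log_type": "", "log_count": 10, "drop_count": 10},  # dropped by the != "" filter
]


def summarize_drops(records, ratio_threshold=0.10):
    """Group by log_type, sum drop_count and log_count, order by drops desc.

    Returns (log_type, drop_count, log_count, drop_ratio, flagged) tuples.
    The flag marks feeds whose dropped share is at or above ratio_threshold,
    which a raw drop count alone does not reveal.
    """
    drops = defaultdict(int)
    logs = defaultdict(int)
    for r in records:
        if r["log_type"] == "":  # same filter as `ingestion.log_type != ""`
            continue
        drops[r["log_type"]] += r["drop_count"]  # outcome: sum(drop_count)
        logs[r["log_type"]] += r["log_count"]

    rows = []
    for log_type in drops:  # match: $log_type
        ratio = drops[log_type] / logs[log_type] if logs[log_type] else 0.0
        rows.append((log_type, drops[log_type], logs[log_type],
                     round(ratio, 3), ratio >= ratio_threshold))
    rows.sort(key=lambda row: row[1], reverse=True)  # order: $drop_count desc
    return rows


if __name__ == "__main__":
    for row in summarize_drops(SAMPLE_METRICS):
        print(row)
```

In the sample data the firewall feed has a smaller absolute drop count than Windows events but is dropping 90% of its logs, which is the case the ratio flag surfaces.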