I want to do a UDM search like this:
email IN %regex_ref_list
The above ref list currently contains only one entry: .*suspiciousdomain.com
The documentation online (
https://cloud.google.com/chronicle/docs/investigation/udm-search#use_reference_lists_in_udm_searches) states that all types of reference lists are supported. However, when trying to run the above search, I get this error:
compilation error validating query: validating reference list: cannot use list regex_ref_list List of type REGEX with function InReferenceList line: 1 column: 1-43 : invalid argument
Why would I be getting this error if regex lists are supported?
compilation error validating query: validating reference list: cannot use list regex_ref_list List of type REGEX with function InReferenceList line: 1 column: 1-43 : invalid argument
Why would I be getting this error if regex lists are supported?