Update
exa-content-sec committed Feb 9, 2023
1 parent f2f273d commit f1f0bf2
Showing 1 changed file with 2 additions and 2 deletions.
@@ -22,12 +22,12 @@ Name = q-varonis-file-activity
"""Affected_Object_Path=(|({file_path}[^=]{1,2000}?))\s{1,10}(\w{1,100}=|$)""",
"""Affected_Object_Path=({file_parent}[^=]{1,2000}?)\\[^\\]{1,2000}\s{1,10}(\w{1,100}=|$)""",
"""cat=({category}[^=]{1,2000}?)\s{1,10}(\w{1,100}=|$)""",
"""DatAdvantage\|[^\\]{1,1000}?\|({additional_info}[^\\]{1,2000}?)\|""",
"""DatAdvantage\|[^\\]{1,1000}?\|({alert_name}[^\\]{1,2000}?)\|""",
"""Device_Name =({src_host}[^=]{1,2000}?)\s{1,10}(\w{1,100}=|$)""",
"""usrName =(({domain}[^\\]{1,100})\\)?({user}[^=]{1,1000}?)\s{1,10}(\w{1,100}=|$)""",
"""accountName =({user}[^=]{1,2000}?)\s{1,10}(\w{1,100}=|$)""",
]
DupFields = [ "accesses->event_code" ]
DupFields = [ "accesses->event_code", "alert_name->additional_info" ]


}
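Review bot: In the `alert_name` pattern both character classes are `[^\\]`, which excludes a backslash rather than the `|` that delimits the fields, so only the lazy quantifiers keep the capture inside a single field. An empty field after `DatAdvantage` would shift the capture onto a later field, and a backslash anywhere in the value stops the pattern from matching at all. With the new `"alert_name->additional_info"` entry a miss presumably leaves both fields unset, so rules keyed on the alert name would silently see nothing. Bounding both classes by the delimiter, `"""DatAdvantage\|[^|]{1,1000}?\|({alert_name}[^|]{1,2000}?)\|"""`, and checking it against a sample event would make the extraction explicit. The parser block starts above this hunk, so the field order could not be checked from here.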
