User Activity

  • Posted a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    Thanks Chawakorn. If you start snarecore.exe from PowerShell as local administrator, do you get any crash log data? (If not, add the '-d' flag, and check if there are any differences.)

  • Modified a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    A plain old "*$" exclusion should work for you, based on the comments from the dev team. I've implemented a (horribly simplified/cut down) proof of concept here: https://onlinegdb.com/HyIsG7qxM .. just to make sure the code is doing what I think it's doing. The line in particular: if(wildmatch("*$","Testing$",1)) { ... is doing the check - it returns a "Yep match found" when I ask it to compare "*$" and "Testing$". The order of objective matches is important in the agent - can you make sure that...

  • Modified a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    A plain old "*$" (without the space - blame SourceForge formatting) exclusion should work for you, based on the comments from the dev team. I've implemented a (horribly simplified/cut down) proof of concept here: https://onlinegdb.com/HyIsG7qxM .. just to make sure the code is doing what I think it's doing. The line in particular: if(wildmatch("*$","Testing$",1)) { ... is doing the check - it returns a "Yep match found" when I ask it to compare "*$" and "Testing$". The order of objective matches...

  • Posted a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    A plain old "$" exclusion should work for you, based on the comments from the dev team. I've implemented a (horribly simplified/cut down) proof of concept here: https://onlinegdb.com/HyIsG7qxM .. just to make sure the code is doing what I think it's doing. The line in particular: if(wildmatch("*$","Testing$",1)) { ... is doing the check - it returns a "Yep match found" when I ask it to compare "*$" and "Testing$". The order of objective matches is important in the agent - can you make sure that the...

  • Posted a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    Ahh, yes - you're correct. Apologies; I wrote the piece of code many years ago that does the user match exclusion (and probably that text in the guide), and I still forgot that it was a wildcard match! I'll check with the current devs to see whether they have suggestions.

  • Modified a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    Heya, Try the following: (^.\$$|^abc.def$|^ghi.*) [EDIT: That regex isn't displaying correctly in SourceForge even though it's ok when I edit the reply... please see link for correct regex] https://regex101.com/r/Ioclr5/1

  • Posted a comment on discussion snare-users on Snare Lite (SIEM & Logging Software)

    Heya, Try the following: (^.\$$|^abc.def$|^ghi.*) https://regex101.com/r/Ioclr5/1

  • Posted a comment on ticket #37 on Snare Lite (SIEM & Logging Software)

    G'day David, Correct on both counts. No, outside of the source code itself, there...


Personal Data

Username:
redphoenix
Joined:
2001-11-07 07:57:48

Projects

This is a list of open source software projects that Leigh Purdie is associated with:
