filter != has unexpected results
Assigning a Prewikka filter of alert.target.process.name != some_value results in filtering of events where the IDMEF field alert.target.process.name does not exist.
This behavior should be modified so that fields that don't exist don't result in the event being filtered out.
Could you try the attached patch and tell me if it helps (it won't solve all instances of the problem, though).
- Status changed from New to Assigned
This patch fixed the specific issue faced in the example.
- Status changed from Assigned to Closed
- Resolution set to fixed
(In r7769) Cleanup, fix #129.
- Project changed from PRELUDE SIEM to LibpreludeDB
- Category deleted (
- Target version deleted (