Generic question

Hi Team

Recently I came across a scenario wherein I am trying to recreate a YARA-L alert that my colleague created for another project. However, at my end I noticed that values are not being seen in that field. The log source is O365 and its ingestion method is identical (O365 Management API); we are both using the same default parser. He has not done any ad hoc parsing either. Any reason?
