I recently noted that we are obtaining an error in the log decoder configurations.
Two of the rules that are configured are highlighted. The rules are
nw30060 and account:logon-success-direct-access.
They have the following syntax:
nw30060: reference.id='528','540','4624' && logon.type='3' && process='NtLmSsp' && user.dst!='ANONYMOUS LOGON' && NOT(user.dst ends '$')
account:logon-success-direct-access: ((ec.activity='Logon' && ec.outcome='Success') || (event.cat.name='User.Activity.Successful Logins')) && logon.type='2','10'
I tried to test them in the reports view, but I also noticed that the meta have disappeared and it is now retrieving the following information:
Schema fetched from data source is null for data source xxxxx. I tried to use all the data sources that we have and it stays the same.