AnsweredAssumed Answered

Wrong parser on Security Windows Logs

Question asked by Agustin Gras on Nov 7, 2018
Latest reply on Nov 13, 2018 by Eric Partington

I have a problem with the parser from the logs from a Windows event source,only with the Security Logs.

In the investigation module i can see the logs, but they have a wrong parser I realised that the meta is wrong, because the "Log type" in the log start with lower case, this said "security" instead of "Security" and because of that those events have a wrong match with the on the parser and the same with the (windows_generic), generating a wrong match with metas. 
Sorry for my english, i hope you can help me.
Thank you for your time