
Wrong parser on Security Windows Logs

Question asked by Agustin Gras on Nov 7, 2018
Latest reply on Nov 13, 2018 by Eric Partington

I have a problem with the parser for the logs from a Windows event source, only with the Security logs.

In the Investigation module I can see the logs, but they have the wrong parser. I realised that the header.id meta is wrong because the "Log type" in the log starts with lower case: it says "security" instead of "Security". Because of that, those events get a wrong match with the header.id in the parser, and the same with the message.id (windows_generic), generating a wrong match with metas.
Sorry for my English, I hope you can help me.
Thank you for your time.
