Hi, I'm working with ESM 10.2
I want to do a correlation rule that triggers when the field "Process_Name" has a value of example firefox, chrome or iexplore. but I'm unable to make it work.
Process_Name: C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
regex(*/chrome/i*) to do case insensitive and the rest of the string
but it says error when rollout.Need Help please
Solved! Go to Solution.