Hey there guys,
I am facing a really silly issue, I have a custom field called category and I want to add a single value to a match component of mine - Category in Spam. Now, for some weird reason the SIEM won't allow me to add a singular value, as you'll be able to see in the picture beneath I am unable to add the value.
What funny is, that I can create a watchlist with a single value and say Category in Watchlist.
Is there something I am missing? Because this seems really silly.
Interesting. You got the window to come up without it specifying the Subtype. Is this a GUI error? Can you show me what you have in the other windows?
This is what it would look like when adding a value to an IN operator in a correlation rule match component.
Well I am thinking this is a GUI error as well..
Does anyone have a solution?
The other tabs look as follows:
You Deserve an Award
Community Help Hub
-
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
- Find Forum FAQs
- Learn How to Earn Badges
- Ask for Help
Join the Community
-
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
- Get helpful solutions from McAfee experts.
- Stay connected to product conversations that matter to you.
- Participate in product groups led by McAfee employees.
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA