I'm interested in the reason as well. For example, when doing a drill-down on 43-263046630, which is for files audit on Windows, I would like to drill down on Destination_Filename and not on Object. Also, Access_Privileges is missing from the drill-down as well...
You are correct. I've tried adding a new Custom Type, and inside the description it's stated that "Non-indexed string types will be filterable by regular expression only."
A quick validation of this can be done by creating a new custom type with Indexing enabled and another with Indexing disabled. The one with Indexing enabled will be usable in drill-downs; as for the disabled one, it will not appear.
Valid for custom aggregation fields as well - if it's indexed you can aggregate data based on it.
What are you trying to accomplish with the "Referer"?
Are you trying to see if somebody web scraped your website and is now using it to phish credentials, and when they use it on their malicious site it sends a Referer to your web login page? A possible action could be to tail the log file the Referer is in and then create a log parser to pull data out and alert on it.
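A sketch of the tail-and-parse approach suggested in the post above, added here as an example and not part of the original thread. It assumes the web server writes the Apache/nginx combined log format; the login path, the hostnames in `OWN_HOSTS` and the sample lines are constructed for illustration.

```python
import re
import time
from urllib.parse import urlsplit

OWN_HOSTS = {"www.example.com", "example.com"}  # assumption: your own site names
LOGIN_PATHS = {"/login"}                        # assumption: your login page path

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

def check_line(line):
    """Return an alert dict for a login-page hit with a foreign Referer, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None                              # not combined format, skip
    path = urlsplit(m["path"]).path              # drop the query string
    if path not in LOGIN_PATHS:
        return None
    host = (urlsplit(m["referer"]).hostname or "").lower()
    if not host or host in OWN_HOSTS:            # empty, "-" or our own site
        return None
    return {"time": m["ts"], "client": m["ip"], "path": path, "referer_host": host}

def scan(lines):
    """Run check_line over an iterable of log lines and collect the alerts."""
    return [a for a in map(check_line, lines) if a]

def follow(fh, poll=1.0):
    """Yield lines appended to an open log file, like tail -f."""
    fh.seek(0, 2)
    while True:
        line = fh.readline()
        if line:
            yield line
        else:
            time.sleep(poll)

# Constructed sample lines (documentation IP ranges, made-up hostnames).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 2326 "https://www.example.com/" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /login?next=%2Faccount HTTP/1.1" 200 2326 "https://login-example.test/signin" "Mozilla/5.0"',
    '198.51.100.24 - - [10/Oct/2023:13:56:09 +0000] "GET /index.html HTTP/1.1" 200 512 "https://login-example.test/" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Oct/2023:13:57:10 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

For live use, pass `follow(open(path))` to a loop calling `check_line` and forward each alert to the SIEM; extend `OWN_HOSTS` with any subdomains that legitimately link to the login page.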
How can I index these two custom files? Destination_Filename, Access_Privileges
I can't edit.
I tried to export, change and import, but I was ignored by the SIEM lol