I can't create an accurate Mac compliance query (ES Threat Prevention). Problems are:
Both are only treated as string options ("equals/does not equal/contains/etc").
This makes it difficult to have automatic compliance queries that do not need to be altered each time, which means automatic server tasks can't be run either (like emailing someone if the DAT is x days old).
Am I doing something wrong? Is there a way around this? Is that just how it goes?
Nobody has compliance queries for Mac to share?