Hello World!
I think it is a great idea to modify the default query "Top threat indicators on Windows devices" with an exclusion list of paths.
I tried to add a pastebin link with the list of exceptions but it does not work for me.
WHERE
query_name = 'running_processes_windows_sophos'
AND (ml_score >= 20 OR pua_score > 20)
AND (local_rep < 91)
AND PATH NOT IN (SELECT curl where $$PASTEBINURL$$')
Any ideas?
Thank you so much!
Cheers!