We are using USM 5.0.2 and I was wanting to generate a report for a specific set of conditions. I created a saved view but wanted to understand the advanced filtering.
Data Sources = Ossec
Signature contains "integrity"
For the Filename field I would like to be able to search for any changes to our J:\ drive specifically, since we need to alert a separate team if something changes on that drive, as opposed to C:\ or D:\, which would be just the operations team.
I tried filename like J:\* and filename = J:\* but no results are found.
Is this going to work, or is my search logic wrong?