Hi,
I am currently figuring out what is wrong with my boolean expression.
Currently, I'm making a whitelist of applications in the Sysmon app.
The thing is, I got a different result when I used "(Image!=[process1] AND Image!=[process2])" and "NOT (Image=[process1] OR Image=[process2])".
I would appreciate it if you could tell me the difference between these two boolean expressions.
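Added example, not part of the original post: a small Python model of how Splunk search evaluates the two filters from the question, where `field!=value` only matches events in which the field exists while `NOT field=value` also matches events that lack it. The events, paths and function names are constructed for illustration; the multivalue case is included to show the second way the two forms can diverge.

```python
# Model of Splunk search-time comparison semantics (illustrative, not Splunk code).
# An event is a dict; a field may be absent, a string, or a list (multivalue).

def values(event, field):
    """All values of a field as a list; empty if the field is absent."""
    v = event.get(field)
    if v is None:
        return []
    return v if isinstance(v, list) else [v]

def eq(event, field, value):
    # field=value : true if ANY value of the field equals value
    return any(x == value for x in values(event, field))

def ne(event, field, value):
    # field!=value : true only if the field EXISTS and any value differs
    return any(x != value for x in values(event, field))

def filter_ne(events, excluded):
    # (Image!=p1 AND Image!=p2)
    return [e for e in events if all(ne(e, "Image", p) for p in excluded)]

def filter_not(events, excluded):
    # NOT (Image=p1 OR Image=p2)
    return [e for e in events if not any(eq(e, "Image", p) for p in excluded)]

def ids(events):
    return [e["id"] for e in events]

# Constructed sample events (hypothetical paths).
SVCHOST = r"C:\Windows\System32\svchost.exe"
EXPLORER = r"C:\Windows\explorer.exe"
OTHER = r"C:\Tools\unknown.exe"
EVENTS = [
    {"id": 1, "Image": SVCHOST},            # whitelisted process
    {"id": 2, "Image": OTHER},              # not whitelisted
    {"id": 3},                              # event type with no Image field
    {"id": 4, "Image": [SVCHOST, OTHER]},   # multivalue Image
]
EXCLUDED = [SVCHOST, EXPLORER]

if __name__ == "__main__":
    print("!= form :", ids(filter_ne(EVENTS, EXCLUDED)))
    print("NOT form:", ids(filter_not(EVENTS, EXCLUDED)))
```

In this model the `NOT` form additionally returns the event with no `Image` field, and the `!=` form additionally returns the multivalue event; on single-valued events that all carry `Image`, the two forms agree.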