Hello, I have a .csv file with 2 columns: IoC and added_timestamp I did compare the data and I get a few matches, but what I want is to use just a portion of the .csv. Based on added_timestamp column I want to compare the IoC added in .csv in the last 7 days. Can someone help me to accomplish this ? Thank you in advance. ... View more

Hi, I have an inputlookup with wSender, wSubject and wRecipient. I want to whitelist some of the emails sent by an user to a specific recipient that have a specific subject. How can I whitelist based on this 3 conditions (Sender=X, Subject=Y, Recipient=Z) ? I've tried: where Sender!=wSender AND Subject!=wSubject AND Recipient!=wRecipient but in this case all the email sent by wSender are whitelisted. Also tried index=xxx AND NOT | inputlookup whitelist.csv fields wSender, wSubject, wRecipient - but the same result, the user from wSender is getting whitelisted for all the emails he sent not just the ones from wSubject. ... View more

Hello, I'm working on a use case where I have 1 source and 2 destinations. Everything that is found between the source and the 2 destinations need to be excluded. So I've used: where source = X AND destination != Y OR destination != Z But this will filter the logs and will display only the logs that comes from source X and the logs that comes from other sources will be excluded as well. How I can exclude only from source X to destination Y and Z ? ... View more