I use the search command below as an email notification query:
src=BDDH2591 source="D" earliest=-14d | table time_detected, src, user, file_path | stats list(file_path) list(time_detected) AS time by src user*
The email content consists of the information below:
Antivirus information:
Date (UTC-0): $$result.time_detected$$
Machine name: $$result.src$$
Username: $$result.user$$
Path: $$result.file_path$$
However, the email content that arrives looks like this:
Antivirus information:
Date (UTC-0):
Machine name: BDDH2591
Username: chsab
Path:
The date and time details are missing.
What can be done?
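The following is an added example, not the poster's own search. In SPL, `AS` renames only the aggregate immediately before it, so `stats list(file_path) list(time_detected) AS time` produces output fields named `list(file_path)` and `time`; the alert tokens `$result.time_detected$` and `$result.file_path$` then reference fields that no longer exist, which is why the Date and Path lines come out empty while `src` and `user` (unchanged by `stats`) are filled in. The search below renames each aggregate back to the field name the email template expects, collapses the multivalue results with `mvjoin` so every value appears in a single token (a `$result.<field>$` token is not guaranteed to render every value of a multivalue field), and drops the redundant `table` before `stats`. It assumes the `by` clause was meant to split on the single field `user` rather than on the wildcard `user*`.

```spl
src=BDDH2591 source="D" earliest=-14d
| stats list(time_detected) AS time_detected list(file_path) AS file_path by src user
| eval time_detected=mvjoin(time_detected, ", "), file_path=mvjoin(file_path, ", ")
```

With this search the email template can stay exactly as written (`$result.time_detected$`, `$result.src$`, `$result.user$`, `$result.file_path$`), because the field names emitted by the search now match the token names. If the original field names must remain in the output instead, the alternative is to change the tokens to match the search, for example `$result.time$`; either way, the rule to check is that each `$result.<field>$` token names a field present in the final row of the search results.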