- Time
- Machine
- Process (GUID)
Going to be a box in one corner giving all the data in a more presentable format.
Link to VT (VirusTotal) with display of detections (enabled by a filter setting).
Quick side note for next time I work on this: each child should only have one relationship. A parent can have multiple relationships to children, but a child can have only one relationship to a parent. This should fix the issue I was encountering earlier.
Depending on what is returned from the rest of the event IDs, I could add other relationships that map to the GUID.
- Filtering
- Process termination marking
- Getting data straight from a log in real time
- Integration with Splunk (if at all possible)
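Added example (not code from the notes above): a minimal process tree that enforces the single-parent rule from the side note, marks terminated processes, supports a filter callback, and renders the Time / Machine / Process (GUID) fields as indented text. It assumes Sysmon-style event records (EventID 1 = process create with ProcessGuid/ParentProcessGuid, EventID 5 = process terminate); the notes do not name the log source, so the field names and the sample events below are assumptions and constructed data, not real telemetry.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class ProcessNode:
    """One process keyed by GUID; carries the fields the corner box would show."""
    guid: str
    image: str = "<unknown>"   # placeholder until (or unless) the create event is seen
    time: str = ""
    machine: str = ""
    parent: Optional["ProcessNode"] = None                      # a child has at most one parent
    children: List["ProcessNode"] = field(default_factory=list)  # a parent may have many children
    terminated: bool = False


class ProcessTree:
    """Builds a process tree from Sysmon-style events (assumed field names)."""

    def __init__(self) -> None:
        self.nodes: Dict[str, ProcessNode] = {}

    def _node(self, guid: str) -> ProcessNode:
        # Create a placeholder so a child can be linked before its parent's event arrives
        # (or when the parent was created before logging started).
        if guid not in self.nodes:
            self.nodes[guid] = ProcessNode(guid=guid)
        return self.nodes[guid]

    def add_event(self, ev: dict) -> None:
        """Dispatch on EventID: 1 = process create, 5 = process terminate (assumed Sysmon IDs)."""
        if ev["EventID"] == 1:
            self._add_create(ev)
        elif ev["EventID"] == 5:
            self._node(ev["ProcessGuid"]).terminated = True
        # Other event IDs are ignored until their relationships are defined.

    def _add_create(self, ev: dict) -> None:
        node = self._node(ev["ProcessGuid"])
        node.image, node.time, node.machine = ev["Image"], ev["UtcTime"], ev["Computer"]
        parent = self._node(ev["ParentProcessGuid"])
        if node.parent is None:
            node.parent = parent
            parent.children.append(node)
        elif node.parent is not parent:
            # Enforce the single-parent rule instead of silently adding a second edge.
            raise ValueError(f"{node.guid} already has parent {node.parent.guid}")

    def roots(self) -> List[ProcessNode]:
        return [n for n in self.nodes.values() if n.parent is None]

    def filter(self, keep: Callable[[ProcessNode], bool]) -> List[str]:
        """Return the GUIDs of nodes matching a predicate (e.g. terminated, image name)."""
        return [n.guid for n in self.nodes.values() if keep(n)]

    def render(self, node: Optional[ProcessNode] = None, depth: int = 0) -> List[str]:
        """Indented text view: image, GUID, time, machine, and a termination marker."""
        lines: List[str] = []
        for n in (self.roots() if node is None else [node]):
            mark = " [terminated]" if n.terminated else ""
            lines.append(f"{'  ' * depth}{n.image} ({n.guid}) {n.time} {n.machine}{mark}".rstrip())
            for child in n.children:
                lines.extend(self.render(child, depth + 1))
        return lines


# Constructed sample events (not real telemetry); GUIDs shortened for readability.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:00.000", "Computer": "WS01",
     "ProcessGuid": "{A}", "ParentProcessGuid": "{ROOT}", "Image": "C:\\Windows\\explorer.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:01.000", "Computer": "WS01",
     "ProcessGuid": "{B}", "ParentProcessGuid": "{A}", "Image": "C:\\Office\\WINWORD.EXE"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:02.000", "Computer": "WS01",
     "ProcessGuid": "{C}", "ParentProcessGuid": "{B}", "Image": "C:\\Windows\\System32\\powershell.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:00:03.000", "Computer": "WS01",
     "ProcessGuid": "{D}", "ParentProcessGuid": "{A}", "Image": "C:\\Windows\\System32\\cmd.exe"},
    {"EventID": 5, "UtcTime": "2024-01-01 10:00:09.000", "Computer": "WS01", "ProcessGuid": "{C}"},
]


def build_sample_tree() -> ProcessTree:
    tree = ProcessTree()
    for ev in SAMPLE_EVENTS:
        tree.add_event(ev)
    return tree


if __name__ == "__main__":
    t = build_sample_tree()
    print("\n".join(t.render()))
    print("terminated:", t.filter(lambda n: n.terminated))
```

The parent GUID `{ROOT}` never gets a create event, so it stays a placeholder root; that is the normal case for processes started before logging began, and it is why a child must be linkable before its parent's record exists.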