I want to say thank you for putting out such great videos. I am currently going along with this project and ran into my first issue. I created my detection rule and everything was moving along smoothly until I went back into powershell, typed 'lazagne.exe all' and it was not detected. I waited another hour to see if it would start populating in my detection section and still nothing. I'm currently stuck, any advice would be greatly appreciated :) Thanks!!
@@MyDFIR After I created the detection rule I tested it and all 4 operations were working. I went back into powershell and ran the lazagne.exe all command and went back into limacharlie under the detection tab to see if anything was detected and still nothing. I stopped and restarted everything and ran it over again and still nothing. Thank you for responding btw
@@MyDFIR I just logged into everything and was getting ready to take screenshots and it generated a detection.. still took almost the entire day to generate lol but I am much appreciative of you ... seriously you have no idea how much your helping me!! Thank you again !! I'm going to move on to part 4 now.
The rule windows_process_creation/proc_creation_win_lolbin_device_credential_deployment no longer exists, It just says /latest/undefined now and I don't know how to proceed.
i keep getting an error message that says "error evaluating rule: event missing routing" when putting in the rule in lima charlie what am i doing wrong?
