Hello,
I am having trouble with this. Please can someone help me with the custom regex? I tried to whitelist the user in pignore, but it is not working. Basically I don't want these suspicious file notices as they are false positives, so I need a regex or to know how to whitelist this user:
/tmp/systemd-private-257766520e5e42ec9e011ea44adf928e-elasticsearch.service-O9VmgI/tmp/elasticsearch-16350742201187653773/jna15603940895482760187.tmp
File: /tmp/systemd-private-257766520e5e42ec9e011ea44adf928e-elasticsearch.service-O9VmgI/tmp/elasticsearch-16350742201187653773/jna15603940895482760187.tmp
Reason: Linux Binary
Owner: elasticsearch:elasticsearch (992:985)
Action: No action taken
Thanks very much
Jerry