Event Query wildcards
Does anyone know if wildcards characters can be used in Event Query Wizard in SSIM 4.5 and/or SSIM 4.6?
I am trying to create a simple report based on "Top 10 Machines with Virus Infection" but I want to display only hosts which matches following template: DCK*
So far I have not been able to get this to work.
When I create a correlation rule in event criteria "matches" and "doesn't match" operators are available, but those operators aren't allowed in Query wizard.
Is it possible to change this?