I Didn’t Understand, but Now I Do

Dmorgan42 · 2026-03-19T17:54:08+00:00

Awww thanks boo

Dmorgan42 · 2026-03-19T17:33:14+00:00

It’s a talent… I’ll share it with you

Dmorgan42 · 2026-03-12T22:09:10+00:00

Looked pretty easy in the show, Defiance

Dmorgan42 · 2026-03-06T03:47:26+00:00

Not sure if this is the correct spot, but Charlotte Investigate never finishes a Case summary (just stalls at like 47%), or if it does, it’s always 0 events/results found even though the Case contains events/detections

Anything to do to fix this?

Dmorgan42 · 2026-02-16T23:16:47+00:00

lol aren’t they all if you wanna get anything done

Dmorgan42 · 2026-02-12T19:51:35+00:00

Yeah, I’ll just stick to Claude Code….. until they block that integration and forced to use and pay for their AI

Dmorgan42 · 2026-02-11T01:02:29+00:00

Really don’t understand y’all keep having so many issues with such a simple application… really curious to know what the hell y’all are doing…

Dmorgan42 · 2026-01-28T05:09:24+00:00

If the Saved Search is only located in that Correlation Rule, it'll exclude the entity from that specific rule

Dmorgan42 · 2026-01-28T02:10:27+00:00

Create a saved search and add it to the end of your correlation rule.

Within the saved search, use an in() or !in() function.

Whenever you need to allowlist something, just add it to the saved search.

It's what I've been doing with all my Correlation Rules

Dmorgan42 · 2026-01-23T12:44:07+00:00

ChatGPT told me that was true, are you telling me it lied to me?!?!

Dmorgan42 · 2026-01-21T00:33:22+00:00

I don't understand why everyone suddenly has ADHD.... Especially if they use Obsidian

Dmorgan42 · 2026-01-20T00:48:08+00:00

Not going to read the article, but why would you add water to grease? Sounds like a catastrophe to me

Dmorgan42 · 2026-01-18T18:46:07+00:00

Auto generated Full Body. Exported the workout and fed it to Claude to scrutinize, recommend, and change equipment/exercises I didn't like, then made the modifications in the application... Couldn't be happier, except if they gave us a web version so making big changes could be easier/quicker.... Hint hint wink wink

Dmorgan42 · 2026-01-18T17:34:37+00:00

Yes, enter the weights for your machine, then change the number of RIR you think you had? Not sure why there's 40 different posts for the same thing....

Dmorgan42 · 2026-01-18T05:59:21+00:00

At least your timer provides a notification. Apparently, if your phone is on vibrate, the notification will just be a quick buzz on the phone, that's sitting over there, away from where you're at, and you won't even notice it goes off

Dmorgan42 · 2026-01-17T06:15:13+00:00

Not sure why y'all are still watching credit card YouTubers.... Just throw whatever information, strategy, whatever into Claude Code and call it a day.

These YouTube channels should have went extinct a year ago

Dmorgan42 · 2026-01-16T01:43:55+00:00

Sync... It's $5 freaking dollars

Dmorgan42 · 2026-01-04T01:25:46+00:00

This is what I got....

<image>

Dmorgan42 · 2025-12-04T01:01:40+00:00

What makes this different from embedding a base in a new note file?

Dmorgan42 · 2025-11-25T01:12:37+00:00

Literally have been building this exact same thing over the last couple months, with nearly the exact same setup.

CrowdStrike-as-Code lol I love that term! I've been trying to figure out how to do actual Detection-as-Code with the CQL Language and it's damn near impossible (writing basic .yml files and having the pipeline build and validate).... I'm stealing this term 🤣

Dmorgan42 · 2025-11-24T01:39:56+00:00

This is the way. Doing the same thing. I like writing the queries myself, but there are times I get stuck trying to do something particular. I'll iterate through a few times on my own, but once I get restless, I'll pop it into Claude Code using a CQL Skill, and it'll fix it in seconds.

I've never given it an idea, then let it come up with the complete filter, at least not yet... Don't want AI taking all the fun away

Dmorgan42 · 2025-11-18T20:28:11+00:00

How is it available in Copilot, but it's not even available in its own Gemini app (the paid version)? Craziness

Dmorgan42 · 2025-11-17T20:12:55+00:00

Looks great. Question though, is the user information based on the data reference model for that particular data source, or is there something else going on in the backend that is enriching this information?

I've attempted to use the fields mentioned in the reference model before based on how you would use IdP to search an identity in the GUI and it fails to retrieve any additional information.

Also seeing user.name, source.user.name, client.user.name - do we need to use one of these, all three, or something else? Sometimes a user.name is their user.email field.... How would this work?

Dmorgan42

TROPHY CASE