Yes, this works for mine. See screenshot below. But is there a way to bring the rule logic over to the nDepth search so that I can do a historical search of all events that would match that rule logic criteria? I would like to be able to do this for 2 reasons. 1) Tune my existing correlation rules to eliminate noise and 2) Test new correlation rules without having to implement them then wait for them to fire to see if my results are what I expected to see.
