
Support for `Provider_name` and `Data[x]` notation to the field mapping

Open fukusuket opened this issue 9 months ago • 4 comments

Currently, the field mapping feature does not support the following points:

  • Provider_name matching
    • e.g. Since the Application log has multiple Provider_names, we need to convert the field value only when the Provider_name matches (in addition to Channel, EventID).
  • Data[x] notation field mapping

We want to support the following rule/field conversion, so I'll implement the above points.

  • https://github.com/Yamato-Security/hayabusa-rules/pull/666

fukusuket, May 19 '24 07:05