dsiem icon indicating copy to clipboard operation
dsiem copied to clipboard

Published 20 hours ago verified publisher icon defenxor

Referring or matching custom_data fields from previous stages.

Open SridarSri opened this issue 3 years ago • 2 comments

Hi and Thanks in Advance,

Can we match custom data fields from previous levels as below? "custom_data1":":1"

Also, can we match other custom data fields in previous levels like below? "custom_data1":"custom_data2:1"

Please let me know.

SridarSri avatar Apr 21 '21 06:04 SridarSri

Hi,

We already implement the feature on #310, you can use this fixture as example. It uses same reference notation as in from and to field.

Currently, we have no support for matching other custom data fields, but we'll consider it for next feature.

rkspx avatar Jun 02 '21 05:06 rkspx

Thanks a lot. Please consider 2nd one also. Doing so Cross-Correlation can be achieved with DSIEM.

SridarSri avatar Nov 23 '21 10:11 SridarSri