Closed tg closed 3 years ago
AlphaSOC API now returns ConnID as part of the event header (mainly to support zeek's conn.id field). We need to include this field in the alerts.
ConnID
conn.id
AlphaSOC API now returns
ConnIDas part of the event header (mainly to support zeek'sconn.idfield). We need to include this field in the alerts.