elasticmachine
commented
3 years ago Pinging @elastic/kibana-security (Team:Security)
Open ansell opened 3 years ago
elasticmachine
commented
3 years ago Pinging @elastic/kibana-security (Team:Security)
elasticmachine
commented
3 years ago Pinging @elastic/siem (Team:SIEM)
Describe the feature:
I would like a way to enrich detection events using processors. In particular, I would like to enrich detection events generated from threshold rules, where only a single source field is passed through to the detection event from the original document set.
Describe a specific use case for the feature:
In my specific case, I would like to process threshold detection events that rely on a single IP address field to add geoip processed fields to the event so that I can triage the threshold detection events more efficiently based on noticing geoip related patterns, as I do already with non-threshold IP events.