matanolabs / matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
https://matano.dev
Apache License 2.0
1.42k stars 98 forks

fix: adds lookup_keys for cisa_kev enrichment table #166

Closed rileydakota closed 12 months ago

rileydakota commented 1 year ago

Based on https://www.matano.dev/docs/enrichment/lookup-data - it looks like lookup_keys needs to be specified in order to be able to look up against the enrichment table in our Python rules and VRL. Adding this to the managed enrichment definition for cisa_kev.

rileydakota commented 1 year ago

Assuming my assumption above is correct, looks like the other managed enrichment tables need their lookup keys specified too? I'd be happy to include those in this PR if appropriate.

Samrose-Ahmed commented 12 months ago

Great, I'll do a quick check, we may not be merging these in when using a managed enrichment table right now, should add that for convenience.