Open hitman28594 opened 3 years ago
Hello @hitman28594,
That sounds like a great idea, I have moved the issue to Waiting R&D. Our team will study it for future versions.
Thank you for your contribution.
Hi, has anything been discussed about this?
I was thinking of a separate phase in analysisd for “post-decoding”.
As well as the use-cases originally described, this phase could also be used for:
Ideally, this additional phase in processing would allow us to normalise data in a very powerful way and could also enable Wazuh fields to be mapped so they can be integrated into/with other solutions much more easily (e.g. Sigma and other open source threat intelligence).
Hello Team,
Is it possible to have some additional options for the normalization of decoded fields (related to the issue raised in #140)?
Use cases:
Ideally these additional functions would work in a similar way to how ModSecurity implements its transformation functions: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v2.x)#Transformation_functions
Thank you for your continued support. :)