Is your feature request related to a problem?
Currently, there's no built-in correlation rule capability to automatically identify when field1 from index1 and field2 from index2 have the same value and trigger security alerts based on this correlation.
What solution would you like?
To be able to define a correlation rule that can generate correlated findings when field1 from index1 and field2 from index2 have the same value.
What alternatives have you considered?
Tried all features in alerting and security analytics. None of the features supports this.