Hi guys, I don't understand what product-level mapping is. Why is it needed? Does the product information come with events?
Some connectors may report alerts from many different products. For example, you can send Cisco AMP and O365 alerts to your SIEM and use the ElasticSearch connector to ingest both types of alerts.
So the product information is present in the incoming event?
In the case of the Cisco AMP connector, it looks like it's hardcoded in its consts file.
Thank you