Hey, I want to output (in the outcome section) the exact value of a repeated field (e.g. target.ip) that was found in the data table via the IN operator.
Is that even possible? Maybe you have some suggestions?
Example rule:
rule rule_name {
  meta:
    severity = "MEDIUM"

  events:
    $e.metadata.event_type = "NETWORK_CONNECTION"
    $e.target.ip = $target_ip
    $target_ip IN %dt.ioc

  outcome:
    $matched_value = ? // one of the IPs from target_ip that was actually found in the data table

  condition:
    $e
}