How can I set YARA-L rule severity using a UDM field from the matched events, such as security_result.severity?
Solved
YARA-L Rule Severity based on the value of an UDM field
+8- Silver 2
Best answer by cmmartin_google
No, not at present. You would need to set Severity as a custom Outcome variable; however, I checked with our Product team and this is scheduled for the mid term, and as an indicative estimate could be available by end of Q1 next year.
+11No, not at present. You would need to set Severity as a custom Outcome variable; however, I checked with our Product team and this is scheduled for the mid term, and as an indicative estimate could be available by end of Q1 next year.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.