Option to Embed Signature Events On Matched Derived/Sub Events #3500
Replies: 2 comments 1 reply
-
|
As far as callback or event hooks, lets say old school IRC Xchat, you could also control event propagation. I of course don't think that should be in the signature/extended events interface. I think allowing the abstracted/custom signature events to stop propagation (at first), as a signature source might be a needed performance optimization. It might be needed eventually. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @jrmwooldridge this is actually going to be part of the new event structure (coming soon). Notice the "triggerEvent" field under the data section in the new struct: #2870 |
Beta Was this translation helpful? Give feedback.
-
|
Awesome!!! |
Beta Was this translation helpful? Give feedback.
-
Is there a way to embed or link the matched events with the generated signature event? Aka I would still like the matched event from a rego signature to output the raw data.
For example the ld_preload.rego signature won't output much info, like the important raw data in question.
Beta Was this translation helpful? Give feedback.
All reactions