izar
Add Exclusion logic for Threats?
Does it make sense to have two conditions and inclusion and exclusion? I think this will simplify more complex conditional logic.
Rather than having to make a complex logic to handle inclusion and exclusion I think there could be value in having two separate conditions that should be written to return true. First loop thru the elements and apply the inclusion condition then apply the exclusion before returning.
It was late so maybe this isn't needed but seemed like it was helpful when I tried to add logic to check if the dataflow source or sink were of a datasource then call a datasource getter it seemed overly complicated to handle the inclusion and exclusion in one condition.
If we start adding different dict like datastore.type (file, database, registery) then the logic can get more complicated.