Rewrite hostnames

Open inspired opened this issue 3 years ago • 0 comments

The current code allows us to update timestamps to the current time via update_timestamp: True. Could we also have a similar parameter to update the host before indexing in Splunk? Certain detections may rely on the host field or only trigger on activities happening on multiple hosts.

inspired • Mar 03 '22 08:03