Skip to content

Add all files as a single field in alerts #115

New issue
New issue
Open
Open
Add all files as a single field in alerts#115
Labels
basecoreenhancementNew feature or requesthelp wantedWe think its a good idea but can't do this ourselves
@cccs-douglass

Description

@cccs-douglass
cccs-douglass
opened on Oct 18, 2023

To facilitate future analysis of alerts it would be interesting to include the root and all extracted files as a single elastic field in the alert.

There is a choice to be made whether to simply include the hash or whether this is a list of sub-documents that include the hash, size, type or other metadata about the file.

Metadata

Metadata

Assignees

No one assigned

    Labels

    basecoreenhancementNew feature or requesthelp wantedWe think its a good idea but can't do this ourselves

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions