I would add some sort of exception or separate workflow for IDN domains
(Cyrillic, Arabic, Chinese, etc.), basically handling a bit differently
anything that starts with xn--, as this is a sign of IDNA encoding.

Well, NW really needs a normal asset database interconnected with all
other services (ESA/RE/Respond), but it seems like they still don't have
it... Anyway, you can try to find a workaround and use what they have... -
If you need Assets information easily ac...

Had the same issue, and found the solution digging in SAIM normalization
scripts. In your step b, you are passing to generateFlattenedColumnValue
values from normalized.events normalized.groupby_threat_desc =
Utils.generateFlattenedColumnValue(normalized....

I guess you can try to use a pattern rule, something like: @RSAAlert SELECT *
FROM PATTERN @SuppressOverlappingMatches [ EVERY /* 10 events */ [10]
a=Event (event.x = "something" && device.type = "smdevice") -> ( /*
Followed by event */ b=Event (device.typ...