Detections #161
ongyo-sensei asked this question in Q&A (Unanswered)

Hi,
According to the documentation it is implied that I can use multiple tables when defining a detection. In the YAML it is also implied that I can use multiple tables while writing the detection Python -> the tables: node is an array.
The question is - how can I reference different tables when defining the
def detect(r):
function? And is there any documentation or link where the param in the function record from detect.py is defined with all functions?
I want to use two tables and detect different IP addresses from different sources for the same user in a given timeframe.
Hence the question.
Thank you

Replies: 1 comment

Comment (0 replies):
Now I understand, I think. Detection code in Python is called per table and the implicit context is the table. There is no possibility to do some correlation between two tables and create advanced alerts in the Python code when combining two, three or four different sources. Is that correct?
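To make the distinction raised in this thread concrete, here is an added example (not code from the project or from anyone in the discussion) that contrasts a per-record detect() with the cross-source correlation the question asks for: same user, different source, different IP, within a time window. The record field names (source, user, src_ip, ts), the source labels and the sample records are all constructed assumptions, not any project's schema.

```python
from datetime import datetime, timedelta
from collections import defaultdict

# Constructed sample records from two hypothetical sources ("vpn" and "saas").
# Field names and values are assumptions for this example, not a real schema.
RECORDS = [
    {"source": "vpn",  "user": "alice", "src_ip": "203.0.113.10", "ts": "2024-05-01T09:00:00"},
    {"source": "saas", "user": "alice", "src_ip": "198.51.100.7", "ts": "2024-05-01T09:04:00"},
    {"source": "vpn",  "user": "bob",   "src_ip": "203.0.113.22", "ts": "2024-05-01T09:10:00"},
    {"source": "saas", "user": "bob",   "src_ip": "203.0.113.22", "ts": "2024-05-01T09:12:00"},
    {"source": "saas", "user": "carol", "src_ip": "198.51.100.9", "ts": "2024-05-01T08:00:00"},
    {"source": "vpn",  "user": "carol", "src_ip": "203.0.113.40", "ts": "2024-05-01T10:30:00"},
]

def detect(record):
    """Per-record detection in the shape the thread describes: it sees one
    record of one table and nothing else, so it can only test that record."""
    return record["src_ip"].startswith("198.51.100.")  # e.g. a watched range

def correlate(records, window=timedelta(minutes=15)):
    """Cross-source correlation: same user, different source, different IP,
    within `window`. This needs all records up front (or external state),
    which a stateless per-record detect() cannot hold."""
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append((datetime.fromisoformat(r["ts"]), r))
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])  # oldest first, so we can stop at the window edge
        for i, (t1, a) in enumerate(events):
            for t2, b in events[i + 1:]:
                if t2 - t1 > window:
                    break  # later events are even further away
                if a["source"] != b["source"] and a["src_ip"] != b["src_ip"]:
                    alerts.append({"user": user,
                                   "sources": (a["source"], b["source"]),
                                   "ips": (a["src_ip"], b["src_ip"]),
                                   "delta_s": int((t2 - t1).total_seconds())})
    return alerts

if __name__ == "__main__":
    print([r["user"] for r in RECORDS if detect(r)])  # per-record hits only
    print(correlate(RECORDS))                          # cross-source alert for alice
```

With the sample data, detect() flags the two saas records individually, while correlate() raises a single alert for alice (vpn and saas from different IPs four minutes apart) and none for bob (same IP) or carol (outside the window).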