I wish to create a list of alarms in my system, and in one of the fields I wish to write down under what tag that alarm is. Let's say I tagged "Brute force" as "Access". Is there a way for me to have that as a field in a CSV (as in, for each line containing "Brute force" as the alarm name there will be a field called "Tag" which will say "Access")?
I think you should be looking at Normalization. It is a somewhat manually intensive process to ensure all eventIDs are normalized correctly, but after that you can make correlation rules which are (mostly) vendor and platform agnostic.