When working in the SIEM to review events and alerts, is it possible to provide a text or CSV file for specific fields? If so, how is this implemented, and is it advisable to use?
Use Case - Review firewall events for specific sources and destinations based upon results of policy.
Data - Firewall logs, CSV of sources, CSV of destinations, specific action.
Results - looking for source, dest, protocol, port.
If I understand correctly, you could import the files in as watchlists and then use the watchlists as filters for your views.
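To make the watchlist-as-filter idea concrete, here is an added stand-alone example that is not part of either post above and is not tied to any particular SIEM product. It reads two one-column CSV watchlists (sources and destinations), parses constructed key=value firewall log lines, and returns only the events whose source and destination both appear on the watchlists and whose action matches, projecting just source, destination, protocol and port. The CSV column names (`src_ip`, `dst_ip`), the log field names (`src`, `dst`, `proto`, `dport`, `action`) and the log lines themselves are assumptions made up for the example; it also goes slightly beyond plain exact-match watchlists by accepting CIDR ranges in the CSV.

```python
"""Watchlist-style filtering of firewall logs (constructed demonstration).

Assumptions: one-column CSV watchlists, key=value log lines, and the field
names used below. None of this is specific to a real SIEM's watchlist API.
"""
from __future__ import annotations

import csv
import io
import ipaddress

# Constructed CSV watchlists; in a SIEM these would be the uploaded files.
SOURCES_CSV = """src_ip
10.1.1.5
10.1.1.6
192.168.0.0/24
"""

DESTINATIONS_CSV = """dst_ip
203.0.113.10
203.0.113.11
"""

# Constructed firewall events, one key=value record per line.
FIREWALL_LOG = """ts=2024-05-01T10:00:01Z src=10.1.1.5 dst=203.0.113.10 proto=tcp dport=443 action=deny
ts=2024-05-01T10:00:02Z src=10.1.1.7 dst=203.0.113.10 proto=tcp dport=443 action=deny
ts=2024-05-01T10:00:03Z src=192.168.0.44 dst=203.0.113.11 proto=udp dport=53 action=allow
ts=2024-05-01T10:00:04Z src=10.1.1.6 dst=198.51.100.9 proto=tcp dport=22 action=deny
ts=2024-05-01T10:00:05Z src=10.1.1.6 dst=203.0.113.11 proto=tcp dport=8443 action=deny
ts=2024-05-01T10:00:06Z src=10.1.1.5 dst=203.0.113.11 proto=tcp dport=443 action=allow
"""


def load_watchlist(csv_text: str, column: str) -> list:
    """Parse a one-column CSV into ip_network objects.

    A bare address becomes a /32 (or /128); a CIDR entry is kept as a range.
    Blank cells are skipped; a malformed entry raises rather than being
    silently dropped, so a bad watchlist is noticed instead of under-matching.
    """
    nets = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = (row.get(column) or "").strip()
        if not value:
            continue
        nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def in_watchlist(ip: str, nets: list) -> bool:
    """True if the address falls inside any watchlist entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def parse_event(line: str) -> dict:
    """Split a key=value log line into a dict (first '=' separates key and value)."""
    return dict(token.split("=", 1) for token in line.split() if "=" in token)


def filter_events(log_text: str, sources: list, destinations: list, action: str) -> list:
    """Return events whose action matches and whose src AND dst are watchlisted.

    The cheap string comparison on action runs before the network membership
    tests, which matters when the watchlists are large and the feed is busy.
    Only the four fields of interest are kept in the result.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("action") != action:
            continue
        if not (in_watchlist(ev["src"], sources) and in_watchlist(ev["dst"], destinations)):
            continue
        hits.append({"src": ev["src"], "dst": ev["dst"], "proto": ev["proto"], "port": ev["dport"]})
    return hits


if __name__ == "__main__":
    srcs = load_watchlist(SOURCES_CSV, "src_ip")
    dsts = load_watchlist(DESTINATIONS_CSV, "dst_ip")
    for hit in filter_events(FIREWALL_LOG, srcs, dsts, "deny"):
        print(hit)
```

Running it prints the two denied events where both endpoints are on the lists (10.1.1.5 to 203.0.113.10 on 443 and 10.1.1.6 to 203.0.113.11 on 8443); the 10.1.1.7 source and the 198.51.100.9 destination are excluded because they are not watchlisted. Two practical points carry over to a real SIEM: treat the watchlist files as reviewed, versioned artifacts, since anything missing from them silently disappears from the view, and check whether the product's watchlist match is exact-string or supports ranges before relying on CIDR entries, as this example does.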