I have a situation. I have to correlate events from a data source that generate data based in domain name, and a data source that only see Source IP or destination IP, for example a Firewall.
In Data Source 1, i see an event with Field Destination_Hostname: example.com
In Data Source 2. I see events with source IP: 184.108.40.206
I want to correlate this two events, Is it possible to transform example.com to 220.127.116.11 and use it in a correlation rule?.