Hi all,

I was wondering whether it is possible to have a conditional enrichment or not? Suppose I want to have the following enrichment:

If event_type == 'DDOS' and ip_dst_addr=='x.x.x.x' then alarm_status = true

How can I set the enrichment configuration to handle this situation?

Regards,
Ali