Implement support for the ability to compare fields to each other both within single observables and between multiple observables:
[user-account:action = 'login'] AS INITIAL FOLLOWEDBY [user-account:action = 'login' AND user-account:user_id != $INITIAL:user_id] WITHIN 3600 SECONDS
or some simpler analytic conceptually similar to the following.
[process:pid = process:ppid]
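An added example, not part of the original issue or of the project's code: a minimal Python evaluator for the two comparisons requested above, run over constructed observations. The function names, the dictionary layout of an observation, and the reading of `$INITIAL` as "the earlier matched observation" are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample observations (not real telemetry).
OBSERVATIONS = [
    {"time": "2016-03-01T10:00:00", "user-account": {"action": "login", "user_id": "alice"}},
    {"time": "2016-03-01T10:20:00", "user-account": {"action": "login", "user_id": "alice"}},
    {"time": "2016-03-01T10:45:00", "user-account": {"action": "login", "user_id": "bob"}},
    {"time": "2016-03-01T12:30:00", "user-account": {"action": "login", "user_id": "carol"}},
    {"time": "2016-03-01T12:31:00", "process": {"pid": 4, "ppid": 4}},
    {"time": "2016-03-01T12:32:00", "process": {"pid": 812, "ppid": 4}},
]

def prop(obs, path):
    """Resolve an 'object:property' path; None when the observation lacks it."""
    obj, name = path.split(":")
    return obs.get(obj, {}).get(name)

def same_observation(observations, left, right):
    """[left = right]: both properties present in one observation and equal."""
    return [o for o in observations
            if prop(o, left) is not None and prop(o, left) == prop(o, right)]

def followed_by_different(observations, match_path, match_value,
                          compare_path, within_seconds):
    """[match] AS INITIAL FOLLOWEDBY
       [match AND compare != $INITIAL:compare] WITHIN n SECONDS."""
    window = timedelta(seconds=within_seconds)
    hits = [o for o in observations if prop(o, match_path) == match_value]
    hits.sort(key=lambda o: o["time"])  # ISO 8601 strings sort chronologically
    pairs = []
    for i, initial in enumerate(hits):
        t0 = datetime.fromisoformat(initial["time"])
        ref = prop(initial, compare_path)
        for later in hits[i + 1:]:
            if datetime.fromisoformat(later["time"]) - t0 > window:
                break  # hits are time-ordered, nothing further can qualify
            val = prop(later, compare_path)
            # A missing property on either side never satisfies the comparison.
            if ref is not None and val is not None and val != ref:
                pairs.append((initial, later))
    return pairs

if __name__ == "__main__":
    for a, b in followed_by_different(OBSERVATIONS, "user-account:action",
                                      "login", "user-account:user_id", 3600):
        print(a["time"], prop(a, "user-account:user_id"), "->",
              b["time"], prop(b, "user-account:user_id"))
    print(same_observation(OBSERVATIONS, "process:pid", "process:ppid"))
```

Both `alice` logins pair with the later `bob` login because every matching observation is tried as `INITIAL`; the `carol` login falls outside the 3600-second window of all earlier logins.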
wiki proposal: Property Comparison Proposal