Hi everyone,
I have set up a log threshold rule to retrieve incoming Suricata alert data and send it to another tool using a webhook action.
I tried accessing available variables using Mustache, such as {{#context.alerts}}{{.}}{{/context.alerts}} or {{#context}}{{.}}{{/context}}, but nothing shows or the variables are just rule related. I feel like I am very constrained in the variables I can use, except for the ones I can access through the scrolling menu when setting up my action body.
Is there a way to get variables such as the suricata.eve part (source IP address and stuff like that), as I would do using {{context.hits}} or {{context.alerts}} in other rule types?
Thanks in advance