stephenb
(Stephen Brown)
February 18, 2025, 10:11pm
7
@arcsons
You already created a logs@custom when we worked together on the enrichment.
You can just call the convert_to_ip from the logs@custom, just like you did the mitre enrichment.
Assuming you have the above working, this is how we will call your enrich pipeline.
We will follow the new framework here. It refers to Elastic Agent but works with the data streams we created.
Your existing enrich pipeline:

```
PUT _ingest/pipeline/mitre_attack_pipeline
{
  "description": "Pipeline to enrich MITRE ATT&CK fields",
  "processors": [
    {
      "set": {
        "field": "pipeline_name",
        "value": "mitre_attack_pipeline"
      }
    },
    {
      "enrich": {
        "policy_nam…
```
BTW @leandrojmp, there is not an integration for Carbon Black observations, but I had him follow the framework.
1 Like
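The logs@custom hook that calls the enrich pipeline above with a `pipeline` processor, as an added example that is not from the original post; the tag values, the `event.code` condition and the `_simulate` document are assumptions for illustration, while `ignore_missing_pipeline` and the `on_failure` handler are standard pipeline-processor options that keep a document from being dropped if the enrich pipeline is absent or fails.

```json
PUT _ingest/pipeline/logs@custom
{
  "description": "Custom hook: hand documents to mitre_attack_pipeline (added example, not from the post)",
  "processors": [
    {
      "pipeline": {
        "tag": "call_mitre_enrich",
        "name": "mitre_attack_pipeline",
        "ignore_missing_pipeline": true,
        "if": "ctx.event?.code != null",
        "on_failure": [
          {
            "append": {
              "field": "tags",
              "value": ["mitre_enrich_failed"]
            }
          },
          {
            "set": {
              "field": "error.message",
              "value": "{{{ _ingest.on_failure_message }}}"
            }
          }
        ]
      }
    }
  ]
}

POST _ingest/pipeline/logs@custom/_simulate
{
  "docs": [
    {
      "_source": {
        "event": { "code": "T1059" },
        "message": "constructed sample document for testing the hook"
      }
    }
  ]
}
```

After the simulate call, a document with `tags: ["mitre_enrich_failed"]` and an `error.message` tells you the enrich policy or index is the problem rather than the hook itself.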