Does Watcher support EQL or SQL type syntax? It is too complex to understand the DSL if someone else has written it in Watcher and it recurses on and on in the DSL.
If Watcher doesn't support a simplified language, what is the strategy for running searches in a scheduled manner in ELK? Will this be Watcher or some other method? I can see the new SIEM modules have EQL-formatted search; just checking, is that kind of functionality available for Watcher?