Do you know how to implement the functionality of lists (for the purpose of exclusion/whitelisting) that contain multiple (two or more) fields (values) in each entry?
For example, I need to have a list with the combination of destination.ip and destination.port that my rule needs to include.
I was wondering if this is possible in ELK and what the proper way to implement this is.
Thank you!