Hi,
I'm running ELK stack version 7.11.2.
I want to ingest AWS GuardDuty alerts; these have severities defined here:
https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html
basically values between 1.0 and 8.9 mapping to different severity rules.
These I've mapped to event.severity.
Now for signal rule detection, I wanted to override the default severity,
and was wondering how to give a range in order to map the GuardDuty
severities to Kibana SIEM severities?
I could do so in Logstash, create a new field, and use that in the severity
override, but thought there might be a way to do so in Kibana?
Sebastian
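The Logstash route mentioned in the question, written out as an added example (this is not code from the original post or from Elastic). It assumes the finding's numeric severity has already been copied to `event.severity`, and the bucket boundaries are the ones in the linked AWS GuardDuty documentation (Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9); the target field name `guardduty.severity_label` and the tag name are my own choices. The filter writes the lowercase values `low`/`medium`/`high`, which are the values a Kibana detection rule's severity override mapping can map directly onto its own severity levels.

```logstash
filter {
  # Added example, not from the original post. Assumes the GuardDuty
  # finding's severity (a float between 1.0 and 8.9 per the AWS docs)
  # has already been placed in [event][severity].
  if [event][severity] {
    # Make sure the comparison below is numeric even if the field arrived
    # as a string (e.g. from a text-only source).
    mutate { convert => { "[event][severity]" => "float" } }

    if [event][severity] >= 7 {
      mutate { add_field => { "[guardduty][severity_label]" => "high" } }
    } else if [event][severity] >= 4 {
      mutate { add_field => { "[guardduty][severity_label]" => "medium" } }
    } else if [event][severity] >= 1 {
      mutate { add_field => { "[guardduty][severity_label]" => "low" } }
    } else {
      # Anything outside the documented 1.0-8.9 range: flag it rather
      # than silently assigning a severity. Tag name is hypothetical.
      mutate { add_tag => [ "_guardduty_severity_out_of_range" ] }
    }
  }
}
```

In the detection rule, point "Severity override" at `guardduty.severity_label` and map `high` / `medium` / `low` to the Kibana severities you want (the override values Kibana accepts are `low`, `medium`, `high` and `critical`). One caveat worth checking in the index mapping: ECS defines `event.severity` as a `long`, so a float like 4.5 is stored truncated; if you need the exact GuardDuty value later, keep the original float in a separate field such as the raw finding's own `severity` rather than relying on `event.severity` alone.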