You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The old idea of having a pipeline object would solve it. It would have a derived flag to be checked.
So when ingesting an event from a file can we by default mark it as "resolved" "derived" or whatever? Because consider that a usecase of analyze is exactly testing new signatures and event derivations.
So when ingesting an event from a file can we by default mark it as "resolved" "derived" or whatever? Because consider that a usecase of analyze is exactly testing new signatures and event derivations.
I suppose so, since they're the final output from pipeline already - or am I missing some corner case?
So when ingesting an event from a file can we by default mark it as "resolved" "derived" or whatever? Because consider that a usecase of analyze is exactly testing new signatures and event derivations.
I suppose so, since they're the final output from pipeline already - or am I missing some corner case?
That we would miss these events in the context of testing new signatures/derived evens/general affects of "plugins", which is one of the point of (what was) analyze.
The text was updated successfully, but these errors were encountered: