This repository has been archived by the owner on Aug 5, 2024. It is now read-only.

Request: Flatten JSON for easier parsing in 3rd Party SIEM's #9

Open
ion-storm opened this issue Sep 13, 2019 · 1 comment

@ion-storm

If we flatten the JSON, it makes it easier for 3rd party SIEMs to parse the data. See if you can flatten it without having nested JSON in a clean manner.

@FuzzySecurity
Contributor

I'll look into this. One issue I foresee is that the XML event data may contain duplicate elements. That means I will need to add a function which goes through the event and removes those elements. I can do that, but I'm not sure what the performance overhead will be if you are collecting from a high-volume source. (Maybe I can add a flag to toggle on and off?)

FuzzySecurity self-assigned this on Sep 20, 2019
FuzzySecurity added the enhancement (New feature or request) label on Sep 20, 2019
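
The trade-off raised in the thread, as an added example (not part of the original issue and not the project's code): flattening one event record to dotted keys, with a flag that either numbers repeated XML elements or drops all but the first. The `EventData` field name, the `keep_dups` flag and the sample record are assumptions constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample record (not real tool output): nested JSON whose
# hypothetical "EventData" field holds XML with a repeated <Address> element.
SAMPLE = json.dumps({
    "EventName": "Constructed/Sample",
    "Process": {"Id": 4242, "Name": "example.exe"},
    "EventData": "<Data><Port>443</Port><Address>10.0.0.1</Address>"
                 "<Address>10.0.0.2</Address></Data>",
})

def _put(flat, key, value, keep_dups):
    """Store value under key; on a collision number it or drop it."""
    if key not in flat:
        flat[key] = value
    elif keep_dups:
        n = 1
        while f"{key}_{n}" in flat:
            n += 1
        flat[f"{key}_{n}"] = value
    # keep_dups=False: first value wins, later duplicates are discarded

def _walk_json(node, prefix, flat, keep_dups):
    if isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for k, v in items:
            _walk_json(v, f"{prefix}.{k}" if prefix else str(k), flat, keep_dups)
    else:
        _put(flat, prefix, node, keep_dups)

def _walk_xml(elem, prefix, flat, keep_dups):
    for child in elem:
        key = f"{prefix}.{child.tag}"
        if len(child):  # element has children: recurse instead of storing text
            _walk_xml(child, key, flat, keep_dups)
        else:
            _put(flat, key, (child.text or "").strip(), keep_dups)

def flatten_event(raw, xml_field="EventData", keep_dups=True):
    """Return one single-level dict with dotted keys for an event record."""
    record = json.loads(raw)
    xml_text = record.pop(xml_field, None)
    flat = {}
    _walk_json(record, "", flat, keep_dups)
    if xml_text:
        _walk_xml(ET.fromstring(xml_text), xml_field, flat, keep_dups)
    return flat
```

With `keep_dups=False` the second `<Address>` value never reaches the SIEM, which is the cost to weigh against a stable field set.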