I am considering how to tune noise out of a stream of data in a route. I started with:
source == 'pan' && _raw.includes('THREAT,vulnerability') && !(_raw.includes('SMB: User Password Brute Force Attempt(40004)') && _raw.includes('adm<user>'))
However, I can foresee this getting to be pretty long and granular.
There must be a better way to architect this. Any suggestions?
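One way to keep the route filter short as the noise list grows, shown here as an added example in plain JavaScript (it is not code from the original post and does not use any product-specific lookup API): keep the base condition (source and the `THREAT,vulnerability` marker) fixed, and move each "drop this noise" case into a data table of substrings that must all be present for an event to be suppressed. The event shape (`{ source, _raw }`), the rule names, the second suppression rule and the sample log lines are all constructed for this example. A function that reports *why* an event was dropped is included so suppressions can be audited rather than silently swallowing real alerts.

```javascript
// Added example: data-driven noise suppression for a route filter.
// Event shape { source, _raw } and all sample data below are constructed.

const KEEP_SOURCE = 'pan';
const KEEP_MARKER = 'THREAT,vulnerability';

// Each row lists substrings that must ALL appear in _raw for the event to be
// treated as noise. Growing the noise list means adding a row here, not
// extending the boolean expression in the route.
const SUPPRESSIONS = [
  {
    name: 'smb-brute-admin',
    all: ['SMB: User Password Brute Force Attempt(40004)', 'adm<user>'],
  },
  // Hypothetical second rule, constructed for this example only.
  {
    name: 'example-noisy-signature',
    all: ['Example Noisy Signature(12345)', 'scanner-host'],
  },
];

// True when every substring of the rule is present in the raw event text.
function matchesSuppression(raw, rule) {
  return rule.all.every((needle) => raw.includes(needle));
}

// Returns null when the event should be kept, otherwise a short reason
// string: 'wrong-source', 'no-marker', or 'suppressed:<rule name>'.
function whyDropped(event, suppressions = SUPPRESSIONS) {
  if (event.source !== KEEP_SOURCE) return 'wrong-source';
  const raw = event._raw || '';
  if (!raw.includes(KEEP_MARKER)) return 'no-marker';
  const hit = suppressions.find((rule) => matchesSuppression(raw, rule));
  return hit ? `suppressed:${hit.name}` : null;
}

// Builds a keep/drop predicate equivalent to the original filter expression.
function buildFilter(suppressions = SUPPRESSIONS) {
  return (event) => whyDropped(event, suppressions) === null;
}

// Applies the filter to a batch and returns the ids of surviving events.
function applyFilter(events, suppressions = SUPPRESSIONS) {
  const keep = buildFilter(suppressions);
  return events.filter(keep).map((e) => e.id);
}

// Constructed sample events; these are not real PAN-OS log lines.
const SAMPLE_EVENTS = [
  { id: 'vuln-real', source: 'pan',
    _raw: '...,THREAT,vulnerability,...,Example Exploit Attempt(99999),...' },
  { id: 'smb-brute-admin', source: 'pan',
    _raw: '...,THREAT,vulnerability,...,SMB: User Password Brute Force Attempt(40004),...,adm<user>,...' },
  { id: 'smb-brute-other', source: 'pan',
    _raw: '...,THREAT,vulnerability,...,SMB: User Password Brute Force Attempt(40004),...,jdoe,...' },
  { id: 'traffic', source: 'pan',
    _raw: '...,TRAFFIC,end,...' },
  { id: 'other-source', source: 'syslog',
    _raw: '...,THREAT,vulnerability,...' },
];

// Stand-alone run: prints the ids kept and the drop reason for each event.
console.log('kept:', applyFilter(SAMPLE_EVENTS));
for (const ev of SAMPLE_EVENTS) {
  console.log(ev.id, '->', whyDropped(ev) || 'kept');
}
```

The table itself can live outside the filter (a lookup file or a config object loaded at startup) so that tuning noise is a data change rather than an edit to the route expression. Because `whyDropped` names the rule that matched, a quick count of reasons over a sample of traffic shows whether a new suppression is dropping only the intended noise, which is worth checking before a rule that matches an admin account name is allowed to hide brute-force alerts.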