Is your feature request related to a problem?
Currently, field based correlation rules support in correlation engine is only supported for single field. In use-cases, where multiple field are required, one cannot use field based correlation rules.
What solution would you like?
Ideally, multiple fields in the correlation rule should be supported [if feasible.]
What alternatives have you considered?
NA
Do you have any additional context?
With the current implementation, we can create correlation rule with only one field and not multiple fields, however in certain use cases the rule needs to match multiple fields to accurately identify the correlation.
Is your feature request related to a problem?
Currently, field based correlation rules support in correlation engine is only supported for single field. In use-cases, where multiple field are required, one cannot use field based correlation rules.
What solution would you like?
Ideally, multiple fields in the correlation rule should be supported [if feasible.]
What alternatives have you considered?
NA
Do you have any additional context?
With the current implementation, we can create correlation rule with only one field and not multiple fields, however in certain use cases the rule needs to match multiple fields to accurately identify the correlation.