[FR] keep "event source" & "event tags" in a database for re-use
hasamba opened this issue · comments
event sources for me are usually : SIEM, EDR ....
sometime i write the name of the EDR, sometime the company name and sometime EDR,
i think it should be kept across all cases for consistency
same for event tags, usually event tags are repeated between cases.
thanks