I am looking to create a way to track multiple types of events across different sources. For example, where 'web' is a parent and things like 'attack', 'browser', 'misc', etc. could be children. The children might also have children.
Multiple events might cross between different parents and so on. I am a little confused on where to even begin with it.
A quick example of the type of nested tagging I am looking to do is below. Ideally I'd like to be able to search these tagged events using: tag::web, tag::web::attack, tag::web::attack::sqli, etc.
Should I be using eventtypes or tags for this type of tracking?
If so, what's the best way to build the tags or eventtypes for multiple 'nested' events like this?
Thanks in advance!
web
    attack
        sqli
        xss
        csrf
    misc
        info_disclosure
        sensitive_data
        spider
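One way to model the nesting described in the question, added here as an example and not taken from the post or from Splunk's own tooling: Splunk tags are flat labels, so a hierarchy is usually encoded by giving each eventtype the tag of every ancestor as well as its own. The script below takes the tree from the question (constructed as a nested dict), assumes path components are joined with "_" to form tag names (so the "web::attack::sqli" idea becomes the tag "web_attack_sqli"), and renders a tags.conf where, for example, `tag=web` matches every web event and `tag=web_attack` matches only the attack subtree. An eventtype that appears under more than one parent gets the union of both ancestor chains, which covers the "events cross between different parents" case. The eventtypes.conf skeleton uses labelled placeholder searches because the question gives no actual searches.

```python
"""Generate a Splunk tags.conf that flattens a tag hierarchy onto eventtypes.

Assumptions (not from the original post): tag names are ancestor path
components joined with "_"; each eventtype is named after its own node.
"""
from collections import OrderedDict

# Constructed from the tree in the question; an empty dict marks a leaf.
TAG_TREE = {
    "web": {
        "attack": {"sqli": {}, "xss": {}, "csrf": {}},
        "misc": {"info_disclosure": {}, "sensitive_data": {}, "spider": {}},
    },
}

SEP = "_"  # assumed separator for flattened tag names, e.g. web_attack_sqli


def collect_tags(tree, path=(), out=None):
    """Walk the tree and return {eventtype_name: set_of_tags}.

    Every node carries one tag per ancestor prefix, including itself, so that
    searching tag=web matches the whole subtree and tag=web_attack matches
    only attacks. A node listed under several parents accumulates the tags of
    every chain it appears in (union), which lets one event belong to
    multiple branches of the hierarchy.
    """
    if out is None:
        out = OrderedDict()
    for name, children in tree.items():
        full = path + (name,)
        tags = {SEP.join(full[:i]) for i in range(1, len(full) + 1)}
        out.setdefault(name, set()).update(tags)
        collect_tags(children, full, out)
    return out


def render_tags_conf(tree):
    """Render tags.conf stanzas: [eventtype=<name>] followed by <tag> = enabled."""
    lines = []
    for eventtype, tags in collect_tags(tree).items():
        lines.append(f"[eventtype={eventtype}]")
        for tag in sorted(tags):
            lines.append(f"{tag} = enabled")
        lines.append("")
    return "\n".join(lines)


def render_eventtypes_skeleton(tree):
    """Render an eventtypes.conf skeleton with one stanza per node.

    The search strings are placeholders; the real detection search for each
    eventtype (e.g. what an SQLi attempt looks like in your web logs) must be
    filled in by hand.
    """
    lines = []
    for eventtype in collect_tags(tree):
        lines.append(f"[{eventtype}]")
        lines.append(f"search = PLACEHOLDER_SEARCH_FOR_{eventtype}")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print("# tags.conf")
    print(render_tags_conf(TAG_TREE))
    print("# eventtypes.conf")
    print(render_eventtypes_skeleton(TAG_TREE))
```

With this layout a search such as `tag=web_attack` returns sqli, xss and csrf events without listing them, and adding a new child (say a fourth attack type) only requires one new node in the tree and a regenerated tags.conf; nothing about the parent tags changes.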