I have an interesting use case that I need a solution for.
Use Case: Need to identify if user credentials are contained in the url string of a web request.
Log source : proxy logs
Requirements : Want to build an app rule to leverage to query/reporting/esa rule usage that looks at, and identifies if the user requesting the web request (user.src) is contained within the URL string of the webrequest.
The problem is that i'm not sure if its feasible within this product to do lookups of tags within another tag?
So essentially, i'd want to do an app rule that does this, but not sure if possible. The contains only allows for string matches right? Not tag values?
user.src tag is contained within the URL tag?