Is it possible in Security Analytics (packet capture) to trigger a specific event for a specific IOC like '22.214.171.124' & 'ptsecurity.com'?
Decoder: App Rules Tab
Please use the App rules.
The way should be: ip.dst='yourIP' && url='ptsecurity.com' --> This triggers an alert on alert.id with the name you specify in the app rule.
To find the correct syntax, investigate the meta from the Investigator, select them, and then copy and paste.
If possible, would you please share the correct syntax? Then I will replace that with the IOC I have.