Hello All,
Is it already possible to create a DCM detection rule to look for a specific number of unique keywords from a bigger group of keywords? From what I see, and in past was not possible, we can create an incident if certain number of matches occur, but it means that if is the same keyword repeating the incident will get trigger as well.
As example
From the list of word : one, two, three, four, five ;
I want to create an incident every time at least 4 words are found, i.e. one two three five ;
And if for instance the keywords are: one one one three, no incident is trigger.
Well.. I know I could play around with detection combinations and compound it all in many rules... But would take ages since I have many keywords to detect.
Thanks a lot for your input.