Home
Osmany Montero edited this page Feb 2, 2026 · 11 revisions
This wiki provides a comprehensive guide to the go-sdk and the EventProcessor ecosystem, including the implementation of rules, filters, and custom plugins.
- Architecture Overview - How the system is built and integrated.
- System Components - Core EventProcessor and go-sdk integrations.
- Standard Event Schema - Comprehensive guide to the standard field mapping.
- Development Workflow - Steps to create new rules and filters.
- Implementing Rules - Creating analysis rules for threat detection.
- Implementing Filters - Building parsing pipelines for data enrichment.
- Filter Steps Reference - Detailed guide for all available parsing steps (JSON, Grok, etc.).
- CEL Overloads - Functional overloads for advanced expression language.
- Advanced Features - Nested correlation and multi-stage pipelines.
- Real-World Examples - Practical attack detection configurations.
- Integration Guide - Connecting with TI platforms, Slack, JIRA, and more.
- Performance & Troubleshooting - Optimization tips and debugging common issues.
- Playground - Testing rules and filters in an isolated environment.
- Tools Reference - Utilities like log-pusher and opensearch-fetcher.
- Custom Plugin Development - Building your own Go-based plugins using the go-sdk.
- Best Practices - Guidelines for high-quality detection logic.
- Community Resources - Getting help and contributing.