Sentinel provides the ability to use mapping to inject additional information into events. This increases Sentinel’s ability to analyze events, execute correlation rules, or provide detailed reports.
Section 11.1, Overview
Section 11.2, Default Maps
Section 11.3, Accessing Map Definitions
Section 11.4, Adding Map Definitions
Section 11.5, Adding a Number Range Map Definition
Section 11.6, Updating Map Data
Section 11.7, Using Maps for Event Configuration
Section 11.8, Renaming Event Fields