The Event Transformation Action has several modes that modify the contents of incoming Events.
Use the Event Transformation Action to adjust formatting of incoming Events for further downstream processing. For example: extract all URLs from an email body; emit individual Events for all IP addresses from a SIEM alert; find all email addresses in a Pastebin post; ignore duplicate events.
Features
The Event Transformation Action has several modes of operation: