Open
Description
Motivation
Please look at this comment for context.
The concat(<item1>, <item2>, ...) transformer concatenates items (either a field or a literal string) given as arguments and returns a new string.
Its output can be utilized in two primary ways:
- In conditions for filtering.
- In the
output:field of Falco's rule.
One significant use case is concat(fd.rip, ":", fd.rport) in ("8.8.8.8:53","4.4.4.4:53") as reported by #1981
Feature
Implement the concat(<item1>, <item2>, ...) as described above.
The transformer should return a concatenated string.
Note: Implementing this transformer requires extending the current syntax to allow a variable number of arguments to be accepted by a transformer.
Alternatives
Please look at #1981 for more context on the evaluated alternatives.