Suricatavel LEEF (Log Event Extended Format) Extension Mapping Reference
========================================================================

Suricatavel enriched alerts in LEEF format are structured as follows:

LEEF Header:
LEEF:2.0|Suricatavel|Suricatavel|1.0|{signature_id}|

LEEF Custom Enrichment Field Mappings (tab-separated key-value pairs):
----------------------------------------------------------------------

1. GeoIP Source Country
   - Key: suricatavel_geoip_country
   - Example: suricatavel_geoip_country=US

2. AbuseIPDB Reputation Score
   - Key: suricatavel_abuse_score
   - Example: suricatavel_abuse_score=85

3. VirusTotal Detection Count
   - Key: suricatavel_vt_malicious
   - Example: suricatavel_vt_malicious=12

4. Extracted Indicator of Compromise (IOC) Type
   - Key: suricatavel_ioc_type
   - Example: suricatavel_ioc_type=domain

5. Extracted Indicator of Compromise (IOC) Value
   - Key: suricatavel_ioc_value
   - Example: suricatavel_ioc_value=malicious.xyz
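A parser for the record layout above, added here as an example and not code from the Suricatavel project: it splits the five-field pipe-delimited header from the tab-separated extension, coerces the score and count fields to integers, and rejects a record that carries an IOC type without its value. The sample line and its signature id are constructed from the examples in this reference.

```python
from typing import Any, Dict

# Custom enrichment keys from the reference and the type each value takes
# once parsed: scores and counts are integers, the rest stay text.
ENRICHMENT_KEYS = {
    "suricatavel_geoip_country": str,
    "suricatavel_abuse_score": int,
    "suricatavel_vt_malicious": int,
    "suricatavel_ioc_type": str,
    "suricatavel_ioc_value": str,
}

def parse_suricatavel_leef(line: str) -> Dict[str, Any]:
    """Parse one Suricatavel LEEF line into header fields plus enrichment."""
    # Header: five pipe-delimited fields. Everything after the fifth pipe is
    # the extension, so split at most five times in case a value holds '|'.
    parts = line.rstrip("\r\n").split("|", 5)
    if len(parts) != 6 or parts[0] != "LEEF:2.0":
        raise ValueError("not a LEEF:2.0 record with a five-field header")
    _, vendor, product, version, sid, extension = parts
    if (vendor, product) != ("Suricatavel", "Suricatavel"):
        raise ValueError("header does not identify a Suricatavel event")
    event: Dict[str, Any] = {"version": version, "signature_id": sid,
                             "enrichment": {}, "other_fields": {}}
    # Extension: tab-separated key=value pairs (the LEEF default delimiter).
    for pair in filter(None, extension.split("\t")):
        # Split on the first '=' only: IOC values such as URLs may contain '='.
        key, eq, value = pair.partition("=")
        if not eq:
            raise ValueError(f"malformed extension pair: {pair!r}")
        if key not in ENRICHMENT_KEYS:
            event["other_fields"][key] = value  # standard LEEF keys, kept raw
            continue
        try:
            event["enrichment"][key] = ENRICHMENT_KEYS[key](value)
        except ValueError:
            raise ValueError(f"{key} is not a valid {ENRICHMENT_KEYS[key].__name__}: {value!r}") from None
    enr = event["enrichment"]
    # IOC type and value are a pair; one without the other is a producer bug.
    if ("suricatavel_ioc_type" in enr) != ("suricatavel_ioc_value" in enr):
        raise ValueError("suricatavel_ioc_type/suricatavel_ioc_value must appear together")
    return event

# Constructed sample record; signature_id 2024001 is a placeholder, not a real rule id.
SAMPLE = (
    "LEEF:2.0|Suricatavel|Suricatavel|1.0|2024001|"
    "suricatavel_geoip_country=US\tsuricatavel_abuse_score=85\t"
    "suricatavel_vt_malicious=12\tsuricatavel_ioc_type=domain\t"
    "suricatavel_ioc_value=malicious.xyz"
)
```

Unknown extension keys (for example the standard LEEF `src`/`dst` fields) are kept as raw strings under `other_fields` so nothing the sensor emits is silently dropped.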
