So i configured my plugin and it works, i can see the events in "analysis >> security events (SEIM)>> filter by plugin"
for some events i was able to configure source ip, normalize_date and username.
my question is.. how to make these events appear under "environment >> assets >> 'my asset in question' >> events "
is there any data that has to match in order to assign that event to my asset??