Create variable from other variable's attributes

[pcoccoli]

You should be able to create domain-names from urls.

Similarly, if analytics generates new attributes (like the log4shell analytic pulling exploit URIs from artifact:payload_bin), you may want to convert those attributes to new variables. Extract hostnames from URLs, do name lookups on them, use TI with those IPs, etc.

Ideas:

• domains = NEW domain-name FROM urls.value
• domains = EXTRACT domain-name FROM urls.value
• domains = FIND domain-name IN urls
• domains = GET domain-name FROM urls.value

[pcoccoli]

After extracting the values, we probably want to propagate the relationship of the origin entities to the derived entities. E.g. if urls were a list of 3 entities, url1, url2, and url3, and those entities were contained in observations od1, od2, and od3, then any derived domain-name entities in domains should also be considered "contained by" those respective observations.