Idea ID: 2872974

Improve parsing for WiNC connector

Status: Declined

Hello,

Unfortunately, the ArcSight Idea Exchange is not the proper forum for this. I realize you have already contacted Support. Please send me the support ticket number and I will look into it.

Thank you,

--
Prentice S. Hayes
Product Management | ArcSight
OpenText Cybersecurity

prentice.hayes2@microfocus.com

See status update history

Can you please update parsing for event ID 4771, to map IpAddress to sourceAddress? The reason for this is that the client address is viewed as a source address from the point of DC.
Currently, it's mapped to dCS3 field (conditionalmap[0].mappings[125].event.deviceCustomString3=IpAddress).
Basically, we would like to have it the same way it's made for event 4768 (as an example), where this information is mapped to sourceAddress: 
conditionalmap[0].mappings[122].event.sourceAddress=__oneOfAddress(IpAddress)

A support representative recommended submitting an idea on the Idea Exchange portal.

Thank you.

Parents Comment Children