Idea ID 2867045
When migrating to the new Foundation content, the categorization is badly needed as it is widely used there.
We found out that Fortinet events sent by FortiAnalyzer in CEF format do not have categorization at all.
It seems to be an issue for more vendors, but this one is missing all categories at all.
This seems to be an issue for a longer period and for more customers therefore we would really appreciate as ArcSight is now relying on categories in their default content to make this right.
Example of older discussion about the same topic from other customers:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.