ArcSight ESM 7 Patch2 - NULL values in Event Graph
Recently I have upgraded the ESM 7 Patch1 to ESM7 Patch2 in order to avoid a bug with NULL values in Bar Charts and Pie Charts detected in ArcSight Command Center.
After the upgrade and while I am trying to create "Event Graph" Data monitors I am observing several NULL values when choosing different fields.
- Filter with base events
-Source Node Identifier - AttackerGeoCountryName
-Event Node Identifier - categoryTechnique (NULL issue)
-Target Node Identifier - targetPort
Changes in Event Node Identifier:
DeviceEventClassId --> NULL
DeviceProduct --> NULL
Name --> OK / NOT NULL
So, may the issue related with the fact that the Event Graph accepts specific ArcSight fields and is not a bug? Is there a list with the fields that Event Graph accepts?
Just also to mention 2 things:
- All the fields populated normally in an Active Channel
- The issue is both on ArcSight Console and ArcSight Command Center