Highlighted
Absent Member.. HurolOnen Absent Member..
Absent Member..
1133 views

Custom Field Mapping

I try to map field ad.User:Account_,Name to the field flexString1 but couldn't manage.

Any help would be appreciated.

Thank you

Labels (2)
Tags (3)
0 Likes
Reply
3 Replies
ei-arcsight Absent Member.
Absent Member.

Re: Custom Field Mapping

Hurol,

I have done similar mappings for Symantec Endpoint and it worked. Try this from ESM;

Right click the WUC connector

Select Send command > Mapping > Map Additional Data Name

Enter these values;

Device Vendor: Microsoft

Device Product: Microsoft Windows

Additional data name: ad.User:Account_,Name

ArcSight field: flexString1

Just a note on your additional data name, this name needs to match the field in the Microsoft ad. attributes So if ad.User: is not part of the field name and just a prefix I would drop it and only use Account_Name. Also I notice a comma before name in ad.User:Account_,Name is that supposed to be there?

Hope it helps

Eric

0 Likes
Reply
Ignight71 Absent Member.
Absent Member.

Re: Custom Field Mapping

Hey Hurol,

  I just had a very similar problem with a syslog smartconnector not mapping a field I wanted. I could see the field in Logger but when it got to ESM the field was dropped. Here is my topic:

The solution for me was to create a tiny mapping file (2 lines) at a certain folder of the smartconnector. It seemed simple and worked for me. It is detailed here:

It's important that you map the original data field of the log, which for me was 'CmdSet' instead of 'ad.CmdSet'

Regards,

Aaron

0 Likes
Reply
xian-de.deng Absent Member.
Absent Member.

Re: Custom Field Mapping

hi eric:

   can I map deviceCustomString1 to the custom field on logger level?

regards

wilson

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.