Highlighted
jasonkeemy
Visitor.
103 views

IDM 4.7 User Application via CEF - Missing fields

Hi all,

We managed to configure Sentinel 8.2 to collect User Application events (IDM 4.7), However, certain fields 

1. evtgrpid (TransactionID) - expected to be the requestID for each of the workflow

2. rv143 (ReservedVar143)  - expected to be the activity ID of each activity

3. sp (InitiatorServiceName) - expected to be the workflow CN

are not reflected in the Sentinel. Would like to confirm whether by updating the NetIQ_Identity.Manager.map with these fields would suffice. (We are in the midst of executing this).

I would assume the fields are still valid because it is still listed under Sentinel Event Schema in the latest SDK documentation.

Any form of advice are appreciated. 

 

Thanks in advance,

Jason

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.