IDM 4.7 User Application via CEF - Missing fields
We managed to configure Sentinel 8.2 to collect User Application events (IDM 4.7), However, certain fields
1. evtgrpid (TransactionID) - expected to be the requestID for each of the workflow
2. rv143 (ReservedVar143) - expected to be the activity ID of each activity
3. sp (InitiatorServiceName) - expected to be the workflow CN
are not reflected in the Sentinel. Would like to confirm whether by updating the NetIQ_Identity.Manager.map with these fields would suffice. (We are in the midst of executing this).
I would assume the fields are still valid because it is still listed under Sentinel Event Schema in the latest SDK documentation.
Any form of advice are appreciated.
Thanks in advance,