cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Max42
Level 7
Report Inappropriate Content
Message 1 of 1

Correlated event custom type aggregation

Hi,

I have a correlation rule based on different IronPort events with different signature ID's, and I group them with the "Message_ID" field :

1.PNG

 

In the ace correlation rule, I created a table view which lists me all correlated events :

2.PNG

 

If I click on the "+" sign on the left of each row, I got all my "source" events (5 for each correlated event) with associated custom types that I'm interested in (Source User, To, File_Name) :

3.PNG

 

The problem is that when I export all those data from this view, I only get correlated event rows in the CSV file, which does not contains custom types data. The associated "source events" are not exported.

4.PNG

 

I have the same behavior when I do the same thing with the report section inside system preferences.

Do you have any idea on how to export all data including source users, to and file names (from my 3rd screenshot) ?

 

Thanks in advance for any help,

Kind regards,

Max

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community