We had CyberArk Endpoint Privilege Manager and we wanted to take CyberArk logs. I couldn't find a data source model for this source, so I decided to write an Advanced Syslog Parser. My parser works fine. I can see Custom Types working well.
I wrote 3 parsers for testing, and the SIEM auto-learned 2 more types of log. Every log comes with the name "Unkown_0". Other things are working well.
We have upgraded the SIEM to a new version, and this is the first time I am trying to write a parser on the new version. Did something change that I don't know about? How can I write my parser name to the Rule Message name?
You will want to verify the signature ID from the event against the rule in policy. The other thing that could be happening is that you could have too many rule names, which sometimes happens and does not allow a new name to be created. Now, if it worked previously and stopped working after you upgraded to 11.x, then this could be something else, and I would suggest you call support for assistance with the issue.