I have a customer that is trying to create his own template in NetWitness to forward to SIEM. He is looking for the corresponding SIEM names in the parser that correspond to those from NetWitness.
In the NetWitness template, #ip.src represents the SRC IP, which appears to be SRC in the ESM packet data for that event.
Is there a document or a way within the SIEM to see what variables are used in the out-of-the-box NetWitness Parser?