cancel
Showing results for 
Search instead for 
Did you mean: 
tddhuy
Level 8
Report Inappropriate Content
Message 1 of 2

Custom Type Field does not work with Filter in the Correlation Engine

Hi guys,

I am trying to create a correlation rule that would trigger if the Risk Factor is over 60. Since the default Parser would not capture the Risk Factor, I created a ASP to capture the information from the log and a new custom field for it.

Firstly, I went to System Properties > Custom Types to create a Integer field, with Index option and named Risk Factor. The name in the pic below is not correct, but the setting is the same. I also check the Index Data Option.

Then create an ASP to capture the Risk Factor. Everything is working fine, the ASP capture the information and display it in the Custom Type Tab. I can run Filter and search for the Risk Factor value. No Issue here.

I create a really basic Correlation Rule that would Trigger if the Risk Factor is greater than 60.

Untitled01.png

However, when I try to roll it out, this is the error that I received.

Untitled02.png

I tried a lot of option in the custom field, filter... none is working. However, if I edit the ASP and map the information into an already-existed custome field, the correlation rule working fine. I firgured that the problem is the custom field that I created.

Anybody have any suggestion?

1 Reply
Highlighted
McAfee Employee siemchris
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Custom Type Field does not work with Filter in the Correlation Engine

Hi tddhuy

If you contact Support and let them know you have come across bug 31079  they will get you the latest 9.2.1 HotFix which has a fix for that bug.


Chris

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community