I've been trying to track some events on my network using McAfee ESM 9.4, but many of the events don't show IP address or MAC addresses. I've been trying to figure out a way to configure ESM to show them but haven't been successful. Anybody experienced similar or same problem? Anybody knows a solution?
What kind of data source created the events? Some data source logs may not have that information. Best bet is to look at the packet tab and see if the data is even available. Assuming that the data is available, you may need to create a custom parser for it if the portions of the data you want aren't parsing.