I have an issue with a data source: the device is sending logs in CEF format and the events are being logged, but the SIEM only grabs the basic fields, and there are more fields that I would like to view. For example, the event only has IP, Port, action and host, but in the log I have Interface, Profile, Category, Vlan, etc.
Does anyone know how I can add these extra fields to the event? Is it with custom parsing?