Sounds like a better way to collect web server logs and get the most information from web browsing traffic is using ADM.
Is that the recommended way to collect web browsing information for the McAfee SIEM solution?
On the other hand, if access logs are the only thing we have, how can we get the most information out of them?
For example, the extracted URL and User Agent will be useful information.
Another thing I just wonder about is why we don't use the same custom type for URL for both event and flow?