Hi all, this is my first question; perhaps the answer lies elsewhere, but so far I have not found it.
I wonder if it is possible to create a parsing rule and then a view that shows the categories of events blocked / allowed by the firewall (McAfee Firewall Enterprise ASP).
That is, to show the category that appears in syslog as sf_cat,
i.e.: ...url = "http://www.mcafee.com/" result_code = 301, sf_cat = "Business, Software / Hardware" sf_action = ALLOW..."
Currently this event is detected by the parsing rule "McAfee_FW_Ent Net traffic - Session end", but nowhere does it show me which category the event has.
Thank you very much in advance.
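
The extraction asked about above, sketched as an added example that is not part of the original post and is not SIEM parsing-rule syntax: it pulls `sf_cat` and `sf_action` out of key=value syslog text and counts events per action and category. The sample lines are constructed from the fragment in the post, and `DENY` is an assumed value for a blocked request.

```python
import re
from collections import Counter

# One key=value pair. The value is either a double-quoted string (which may
# contain commas, spaces and "=") or a bare token ending at whitespace/comma.
# Whitespace around "=" is optional, as in the fragment quoted in the post.
PAIR = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')

def parse_fields(line):
    """Return {key: value} for every pair found in one syslog line."""
    fields = {}
    for m in PAIR.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields

def category_counts(lines):
    """Count events per (sf_action, sf_cat); lines lacking either are skipped."""
    counts = Counter()
    for line in lines:
        f = parse_fields(line)
        if "sf_cat" in f and "sf_action" in f:
            counts[(f["sf_action"].upper(), f["sf_cat"])] += 1
    return counts

# Constructed sample lines modelled on the fragment in the post.
# "DENY" is an assumed value for a blocked request; the post only shows ALLOW.
SAMPLE = [
    'url = "http://www.mcafee.com/" result_code = 301, '
    'sf_cat = "Business, Software / Hardware" sf_action = ALLOW',
    'url = "http://www.mcafee.com/us/" result_code = 200, '
    'sf_cat = "Business, Software / Hardware" sf_action = ALLOW',
    'url = "http://example.test/play?id=7" result_code = 403, '
    'sf_cat = "Gambling" sf_action = DENY',
    # A session-end line with no web category: ignored by the count.
    'url = "http://example.test/" result_code = 200',
]

if __name__ == "__main__":
    # Print one row per (action, category), the shape a view would show.
    for (action, cat), n in sorted(category_counts(SAMPLE).items()):
        print(f"{action:6} {n:3}  {cat}")
```

The quoted alternative in the pattern is what keeps `"Business, Software / Hardware"` intact as one value; splitting the line on commas or spaces would cut it apart.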