I collect log of FW checkpoint ,
i have problem as:
i delete object (host object) when at checkpoint has log:
but with log of checkpoint when delete any object : host, user, network... as delete object. I see at packet has:
ObjectType and ObjectTable are two variables i think has know i delete detail for object. It help get information for forensic . I define as custome type but when i use it at rule policy for correlation engine but it not run .when i recieve new log , custome type i define it have not Advanced Details.
Can you help me?