No that I am aware.
But you may want to add them into the "Unknown events" bucket (set a data source "Support Generic Syslogs" to "Log "unknown syslog" event").
I did it already. I would like to export only all uknown messages to one file. I was possible to do on RSA enVision SIEM product. I do not understand why such simply option is to availalbe on McAfee....
Maybe someone else know how to do this? Support suggest mi to open PER case which is totaly absurd in current situation.
I need to start few PER case to complete another one..... ah....
I'm affraid PER is the way to go...
I happened to have asked a similar question, that is, to be able to see what rule is triggered by a particular log line without having to search for any particular field of re-ingest the line and I was told to add a fake data source and all source of bizarre recommendations.