Hello,
I have an MDS setup with an MLM appliance. I have a problem with the IPS logs when I forward them using CEF format.
I have the standard file "CefFieldsMapping.xml" under "/opt/CPrt-R81.10/log_exporter/conf".
When I get an event that shows on Sentinel with DeviceProduct as SmartDefense and DeviceEventClassID as IPS, I don't get any information from Forensics detail or Advanced Forensics detail.
I get other fields like the IP addresses, CVE, action, source system... but no forensic information.
Is there a possibility to forward that missing part of the logs?
Kind regards.