F5 BigIP ASM categorization file

Document created by vip on Aug 23, 2011
Version 1Show Document
  • View in full screen mode

F5 BigIP ASM module can send logs using CEF format, but as for any CEF-format connector, there is no categorization so the default ArcSight content doesn't take these events into account. We also found out some messages have the same meaning but are not parsed the same way, which doesn't help categorization. This is why we created some additional map files to *correct* some fields.

 

Enjoy !

2 people found this helpful

Attachments

Outcomes