Can anyone tell me how I should use this document? Well, besides as a manual reference.
This information should be used as a map file on a Stonesoft Syslog connector because the raw syslog event does not contain some important information.
I'm not sure about the Syslog CEF connector though, maybe it does not have that limitation.
Well, but there is no dedicated Stonesoft connector; there is support for CEF on the SMC side, so you use the regular syslog connector for that.
Syslog is a transport; both connectors are just SC Syslog subparsers. AFAIK Stonegate SMC has two ways of forwarding events:
It is impossible to include some event details you are able to see in the SMC web console in the syslog custom format. This map file is just a workaround for this issue.
My point: it's possible (however not very likely) that while implementing the CEF format the Stonesoft dev team could have added the missing event details to the CEF message.
Nope, they didn't, unfortunately.