000017442 - Device IP meta field does not show Windows Eventing host source IP address in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000017442
Applies To: RSA Security Analytics
Issue: Device IP meta field does not show Windows Eventing host source IP address in RSA Security Analytics.
Users see log messages being collected, but the messages do not contain the source IP address, which is normally expected to appear under the Device IP meta key.
Resolution: For Windows Eventing collection, the Security Analytics Log Collector does not extract the Device IP address from the collected messages.
Rather, the Device IP value is determined by examining the Security Analytics Windows Eventing host configuration.
If hosts are configured with an IP address, those values are populated under the Device IP meta key.
However, the Device IP meta key will not show any IP addresses for hosts that are configured using a hostname instead of an IP address.
Legacy Article ID: a64843
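
The rule in the Resolution can be applied to a host inventory to list which Windows Eventing sources will arrive without a Device IP value. This is an added example, not RSA code: the CSV layout, column names and sample hosts are constructed for illustration and are not a Security Analytics export format.

```python
import csv
import io
import ipaddress

# Constructed sample inventory (hypothetical columns): one row per Windows
# Eventing host, with the address exactly as entered in the host configuration.
SAMPLE_INVENTORY = """\
event_category,configured_address
dc-logs,10.20.30.41
dc-logs,dc02.corp.example
file-servers, 10.20.30.77
file-servers,FS03
"""


def is_ip_literal(value):
    """Return True only when the configured address is a literal IP address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit_device_ip(inventory_csv):
    """Split configured hosts by whether Device IP will be populated.

    Returns (populated, missing): hosts configured with an IP address, and
    hosts configured with a hostname, whose logs will carry no Device IP.
    """
    populated, missing = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        address = (row.get("configured_address") or "").strip()
        if not address:
            continue  # ignore blank or incomplete rows
        entry = ((row.get("event_category") or "").strip(), address)
        (populated if is_ip_literal(address) else missing).append(entry)
    return populated, missing


if __name__ == "__main__":
    populated, missing = audit_device_ip(SAMPLE_INVENTORY)
    print("Device IP will be populated for:")
    for category, address in populated:
        print(f"  {category}: {address}")
    print("No Device IP (configured by hostname):")
    for category, address in missing:
        print(f"  {category}: {address}")
```

Hosts in the second list are the ones whose events cannot be searched or correlated by Device IP until they are configured with an IP address.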
