|Applies To||RSA Security Analytics|
|Issue||Device IP meta field does not show Windows Eventing host source IP address in RSA Security Analytics.|
User sees log messages being collected, but they do not contain the source IP address, which normally are expected to be seen under the Device IP meta key.
|Resolution||For Windows Eventing collection, the Security Analytics Log Collector does not extract the Device IP address from the collected messages. |
Rather, the Device IP value is determined by examining the Security Analytics Windows Eventing host configuration.
If hosts are configured with an IP address, those value are populated under the Device IP meta key.
However, the Device IP meta key will not show any IP addresses for hosts that are configured using a hostname instead of a IP address.
|Legacy Article ID||a64843|