|Applies To||RSA Product Set: Security Analytics, RSA NetWitness Logs & Network|
RSA Product/Service Type: SA Event Stream Analysis
RSA Version/Condition: 10.5.x, 10.6.x
O/S Version: 6
|Issue||Enrichment Sources can be added to an ESA rule by following the SA user guide.|
However, the additional information does not get added to the Syslog notification.
|Tasks||Modify the Syslog template to include the additional data from the Enrichment Sources.|
|Resolution||In order to add the information included by an Enrichment Source, please follow the steps below:|
With a CSV file containing the following information:
address string,criticality integer,department string
and the following added to the syslog template:
Criticality=<@event_meta_last "TestEnrichment"/> <#t>
the following will be added to the syslog message:
... Criticality=address=10.10.10.1;criticality=1;department=SALES ...
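On the receiving side, the enrichment row arrives as a single semicolon-separated token after the label. The following added example (not part of the RSA article) parses that token back into typed fields using the CSV column definition shown above. The surrounding syslog text in the sample is constructed, the function names are hypothetical, and values are assumed to contain no whitespace or semicolons.

```python
import re

# Column definition exactly as given for the enrichment CSV on this page.
COLUMN_SPEC = "address string,criticality integer,department string"

# Constructed sample: only the Criticality=... token comes from the page;
# the header and the other fields are invented for illustration.
SAMPLE = ("<13>Jan 01 00:00:00 esa-host ESA: rule=Example "
          "Criticality=address=10.10.10.1;criticality=1;department=SALES "
          "severity=5")


def parse_column_spec(spec):
    """Map column name -> Python type from a 'name type,name type' spec."""
    casts = {"string": str, "integer": int}
    columns = {}
    for item in spec.split(","):
        name, type_name = item.split()
        columns[name] = casts[type_name]
    return columns


def extract_enrichment(message, label, columns):
    """Return the enrichment row that follows 'label=' as a typed dict.

    Returns None when the label is absent or carries no value.
    Assumption: values contain no whitespace or semicolons.
    """
    # Anchor on start-of-line or whitespace so the label is a whole token.
    match = re.search(r"(?:^|\s)" + re.escape(label) + r"=(\S*)", message)
    if not match or not match.group(1):
        return None
    row = {}
    for pair in match.group(1).split(";"):
        key, sep, value = pair.partition("=")
        if not sep or key not in columns:
            continue  # skip fragments that are not declared CSV columns
        try:
            row[key] = columns[key](value)
        except ValueError:
            row[key] = value  # keep the raw text if it does not cast
    return row or None
```

A receiver can alert on a `None` result for rules that are expected to carry enrichment, since that indicates the template change did not take effect for that notification.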