
CEF Log Service Parser in Security Analytics

Question asked by David Mechsner on Jan 14, 2015
Latest reply on Jan 14, 2015 by Guy Williams

Is there a standard CEF Parser available in Security Analytics? We want to parse CEF over rsyslog.


I've extracted the cef:xml from RSA Live.


But there are just <Messages> sections for rsaecat, rsaflow, netwitnessspectrum & bit9.

What does the section <ExtensionKeys> achieve in that parser?


Does anybody have a good example of those CEF extensions?
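The question above asks for an example of the CEF extension format. What follows is an added example, not code from this thread, from RSA Security Analytics or from the RSA Live cef.xml parser, and it makes no claim about what the `<ExtensionKeys>` section of that parser does. It is a stand-alone parser for CEF events received over rsyslog: it strips the syslog framing, splits the seven `|`-delimited header fields honouring `\|` and `\\` escapes, splits the extension into key=value pairs on unescaped `=` only (so values may contain spaces, `\=` and `\n`), and resolves the `csNLabel`/`csN` custom-field convention from the CEF specification. The vendor name, rule name and the sample log line are constructed for illustration.

```python
"""Parser for CEF (Common Event Format) events carried over syslog.

CEF layout: CEF:Version|Device Vendor|Device Product|Device Version|
            Signature ID|Name|Severity|Extension
Header fields escape '|' as '\\|' and '\\' as '\\\\'; extension values escape
'=' as '\\=', '\\' as '\\\\' and line breaks as '\\n' / '\\r'.
"""
from typing import Dict, List, Tuple

HEADER_FIELDS = ("version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
_VALUE_ESCAPES = {"\\": "\\", "=": "=", "|": "|", "n": "\n", "r": "\r"}


def _unescape(s: str) -> str:
    """Undo CEF backslash escapes; unknown escapes are kept verbatim."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(_VALUE_ESCAPES.get(s[i + 1], "\\" + s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def split_header(cef: str) -> Tuple[List[str], str]:
    """Split the seven header fields on unescaped '|'; return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < len(HEADER_FIELDS):
        c = cef[i]
        if c == "\\" and i + 1 < len(cef) and cef[i + 1] in "|\\":
            buf.append(cef[i + 1])  # '\|' -> '|', '\\' -> '\'
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("CEF header needs 7 '|'-delimited fields")
    return fields, cef[i:]


def parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'k=v k2=v2 ...'. Only an unescaped '=' ends a key, so values
    may contain spaces and escaped '=' without breaking the split."""
    eq_positions, i = [], 0
    while i < len(ext):
        if ext[i] == "\\":
            i += 2  # skip the escaped character
            continue
        if ext[i] == "=":
            eq_positions.append(i)
        i += 1
    # A key is the whitespace-free run immediately before each unescaped '='.
    key_starts = []
    for p in eq_positions:
        ks = p
        while ks > 0 and not ext[ks - 1].isspace():
            ks -= 1
        key_starts.append(ks)
    result = {}
    for n, (ks, p) in enumerate(zip(key_starts, eq_positions)):
        value_end = key_starts[n + 1] if n + 1 < len(key_starts) else len(ext)
        result[ext[ks:p]] = _unescape(ext[p + 1:value_end].rstrip())
    return result


def resolve_custom_labels(ext: Dict[str, str]) -> Dict[str, str]:
    """Custom fields (cs1..cs6, cn1..cn3, ...) carry their meaning in a sibling
    '<key>Label' field: 'cs1Label=Rule cs1=deny-01' means Rule=deny-01.
    The labelled name is added next to the raw key so either can be searched."""
    out = dict(ext)
    for key, label in ext.items():
        if key.endswith("Label") and key[:-5] in ext and label not in out:
            out[label] = ext[key[:-5]]
    return out


def parse_cef(line: str) -> Dict[str, object]:
    """Parse one syslog line carrying a CEF event. Everything before 'CEF:'
    (PRI, timestamp, hostname added by rsyslog) is ignored, so RFC 3164 and
    RFC 5424 framing both work."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no 'CEF:' marker in line")
    fields, ext = split_header(line[start:])
    fields[0] = fields[0][len("CEF:"):]  # 'CEF:0' -> '0'
    event: Dict[str, object] = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = resolve_custom_labels(parse_extension(ext))
    return event


# Constructed sample line (not from the original page): rsyslog framing, an
# escaped '|' in the vendor, and an escaped '=' plus newline inside msg.
SAMPLE_LINE = (
    "<13>Jan 14 10:42:01 fw01 CEF:0|Acme\\|Co|Firewall|2.1|100|Blocked outbound|7|"
    "src=10.0.0.5 spt=51234 dst=203.0.113.9 dpt=443 proto=TCP act=block "
    "msg=policy\\=deny\\nuser agent: curl cs1Label=Rule cs1=egress-deny-01"
)

if __name__ == "__main__":
    import json
    print(json.dumps(parse_cef(SAMPLE_LINE), indent=2))
```

Running the block prints the parsed event as JSON; `msg` comes out with a real newline and a literal `=`, the vendor comes out as `Acme|Co`, and the custom field is reachable both as `cs1` and as `Rule`. A line with fewer than seven header fields raises `ValueError` rather than producing a half-filled event, which is the behaviour you want in front of a SIEM so malformed input is counted instead of silently indexed.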
