Is there a standard CEF Parser available in Security Analytics? We want to parse CEF over rsyslog.
I've extracted the cef:xml from RSA Live.
But there are just <Messages> sections for rsaecat, rsaflow, netwitnessspectrum & bit9.
What does the section <ExtensionKeys> achieve in that parser?
Does anybody have a good example for those CEF extensions?