In my company's SIEM, there is a significant amount of traffic with service type = OTHER.
What is the significance of all this traffic? Is there a way to correctly link device ips to the correct service type? I tried following this documentation (Decoder: Map IP Address to Service Type ), but it doesn't seem to work properly.
Any advice or help is greatly appreciated!