I need a solution
Hello everyone,
we are using an ArcSight Smart Connector to pull all interesting SEP event information into our SIEM.
The Downloaded or created by field in SEPM is very interesting for our security analysts. I took a look in the Release Notes for SmartConnector version 7.12.0.8149.0 and it says that this field is supported, but I can't find it in the raw event details. Do I have to do something to get this kind of information into SIEM?
Do you have an answer for me? I will ask the support for ArcSight too.
SEPM Version 14.2.5569.2100
MSSQL Version 11.00.7462
Smart Connector Version (Linux) 7.12.0.8149.0
Kind regards
Dominik
0