
DCS events sometimes have a device_name field


Article ID: 175610


Updated On:

Products

ICDx

Issue/Introduction

Within Integrated Cyber Defence Exchange (ICDx), some events collected via the DataCenter Security (DCS) Collector contain a device_name field, while other events from DCS do not appear to have this field.

Cause

The DCS Collector included with ICDx 1.3 and earlier maps the operation field into a device_name field. Where the original event in the DCS database has a null entry for the hostname, the DCS Collector does not add a device_name field to the event within the ICDx archive for that DCS Collector.

Resolution

Update to ICDx 1.3.1, where the DCS Collector maps the agent name to the device_name field when the hostname is null on the event received from the DCS database.