When searching ICDx for specific Data Center Security (DCS) events, the unique DCS event ID cannot be found in ICDx. The ref_uid field contains the Windows event ID instead of the expected DCS event ID.
This is a known issue with the ICDx 1.3.1 DCS collector.
This issue has been addressed in ICDx 1.4. Please upgrade to the latest version of ICDx to remediate.
The Windows and DCS event IDs will be logged to the following attributes:
ref_uid: DCS event ID
message_uid: Windows event ID