Events with unexpected attribute names that begin "_f#" are forwarded from ICDx
Article ID: 220280
Updated On:
Products
Endpoint Protection with Endpoint Detection and Response
Issue/Introduction
You have noticed that some logs forwarded from the Integrated Cyber Defense Exchange (ICDx) have strange attribute names that start with the character sequence "_f#".
Environment
Release : ICDx 1.4
Component : archiver, forwarder
Cause
The issue occurs due to timing between the collection, archiving, and forwarding of events.
Resolution
This is a known issue that is currently being investigated by the ICDx development team. This article will be updated when more information is available.
Feedback
Yes
No
Powered by
