SIEM log export missing the _id field

Article ID: 414185


Products

CASB Securlet SAAS, CASB Security Advanced, CASB Security Premium, CASB Security Standard

Issue/Introduction

You need a field to uniquely identify the exported CloudSOC Detect logs. You notice that the Detect management API export includes the _id field

{
"_id": "XXXXXXXXXX_######",
"from_detect": 1,
..
}

but the same field cannot be found in the SIEM agent log export.

Resolution

The CloudSOC engineering team is planning to include the _id field in the SIEM agent log export in 3.184.