recently one of my customers wanto to add a Microsoft System Configuration Center Manager to Netwitness 10.6. He made the configuration of the mssccm server and I have done the configuration of the collection. Everything seems to be working fine but when I want to view the events, I saw the parser only parse a few metadatas and almost all of the raw message is placed to the event.desc meta lossing sight about the source username, destination username and the action taken.
Could anyone tell me if there is something wrong with the parser or is just the way of that parser works?
These are two screenshots of an event (account modification) where you may see user dst, user src and roles, but no one of this data is parsed well
![2018-09-07 15_48_36-[INV] _SA - Broker_ Event List.png](/t5/image/serverpage/image-id/19708i2643DE29057B48EB/image-size/large?v=v2&px=999 "2018-09-07 15_48_36-[INV] _SA - Broker_ Event List.png")
![2018-09-07 15_47_42-[INV] _SA - Broker_ Event List.png](/t5/image/serverpage/image-id/19706i64C41BEB96D4766F/image-size/large?v=v2&px=999 "2018-09-07 15_47_42-[INV] _SA - Broker_ Event List.png")
thanks in advance for your help
