2016-02-03 03:58 PM
Hello,
Today i tried to do so, following by the value i saw in the UCF xml
it looked like
"generic.rawalert"
I tried adding it to the JSON script and for some reason, it just stopped the SA-IM from receiving incidents
the reason why i did that was because (obviously) the default one didn't bring the raw meta into Archer as it is supposed to do, and its obvious that the point of failure is the SA-IM JSON Script
UCF is configured well and Archer too
Feel free to share ideas or a solution for that as a lot of customer will probably want that option
Thanks !