2021-05-12 10:15 PM
I faced the following situation: I have CloudGuard SaaS in the environment, and it has been configured so that logs are sent to the manager - SMS (Security Management Appliances).
All the content concentrated in this SMS (CloudGuard logs + logs from the firewalls) is sent to the NW decoder.
But checking these logs received from the decoder, I have so far not found an item/flag/character that can differentiate between the two solutions.
I have checked in Investigate, and in the checkpoint parser that is configured, but without success.
Has anyone encountered a similar situation?
I appreciate any support,
Paulo de Freitas Jr.