There is an Out-of-the-Box (OOTB) Identity feed which can be configured
to create a recurring feed using Active Directory logs. This feed
provides added context to packet and log data for users in the
environment. The source ip (ip.src) is matched an...
The log sample I tested had SHA-1 hash value and I see that is parsing
correctly in "checksum” meta, so you may want to check if you are using
the latest parser or not. If you are using latest parser and still have
issues, then your logs might be a d...