There is an Out-of-the-Box (OOTB) Identity feed which can be configured
to create a recurring feed using Active Directory logs. This feed
provides added context to packet and log data for users in the
environment. The source ip (ip.src) is matched an...
The log sample I tested had SHA-1 hash value and I see that is parsing
correctly in "checksum” meta, so you may want to check if you are using
the latest parser or not. If you are using latest parser and still have
issues, then your logs might be a d...
Based on the sample logs i had, i can see that hash values are parsed in
"checksum" meta. Can you share the sample log by exporting from GUI and
we can check this further? RegardsAnkush
