Hi,
I have integrated a Syslog SIEM with the Cloud Exchange Log Shipper module, and everything is working fine. However, in the mapping file pushed to the SIEM, I’d like to include the User Group information from the alerts/events, and I can’t figure out how to do that.
When I check the Mapping File Wizard to edit an existing mapping—or even when creating a new one—I can't find any “Netskope Field” that corresponds to the User Group attribute of the generated alerts/events. I need to send that attribute to the SIEM.
Does anyone know how I can map it?
Thanks in advance.
Regards
