Open
Description
With the newest release of Connectors (7.11), ArcMC(2.90 and Logger(6.70) a new field is introduced.
The field itself is generated on the Connector, based on a unique ID per connector mapped to the CEF field "geid".
This ID is a way for all the products to have the same eventID throughout the portfolio, and it would be nice if we could reference the same ID in elastic as we do in ArcSight.
A suggestion would be to create a new indexed field called geid, leaving the current mapping as it is. Any comments?