Whenever Source and destination IPs are not available in payload Qradar shows same IP from where it gets event as source and destination IP which confuses to new users, how to parse either N/A or '0' (zero) as source and destination IP when payload don't have these information.
Sunil -------Posted BY Sunil Nishankar
This topic has been locked.
Pinned topic Parsing '0' (zero) via LSX when source and destination IP field is not available in payload
Answered question This question has been answered.
Unanswered question This question has not been answered yet.