Topic
  • No replies
SystemAdmin
SystemAdmin
184 Posts

Pinned topic Parsing '0' (zero) via LSX when source and destination IP field is not available in payload

‏2013-02-04T10:29:15Z |
Hi,

Whenever Source and destination IPs are not available in payload Qradar shows same IP from where it gets event as source and destination IP which confuses to new users, how to parse either N/A or '0' (zero) as source and destination IP when payload don't have these information.

Thanks
Sunil -------Posted BY Sunil Nishankar