CEF adapter correction needed for bytesIn and bytesOut fields
Ahcene-Oubagha opened this issue · 0 comments
Ahcene-Oubagha commented
In script fp-05-firepower-cef-connector-arcsight/estreamer/adapters/cef.py,
the lines below must be corrected:
210 'initiatorTransmittedBytes': 'bytesOut',
211 'responderTransmittedBytes': 'bytesIn',
to:
210 'initiatorTransmittedBytes': 'out',
211 'responderTransmittedBytes': 'in',
since the ArcSight CEF format uses short names:
"in" instead of "bytesIn" and "out" instead of "bytesOut".
bytesOut and bytesIn are usually used in flex connectors, logger searches and/or ESM rules.
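A check for the mapping problem reported above, added here as an example and not taken from the connector's code: it flags mapping values that are ArcSight full names rather than CEF extension keys, then builds and re-parses an extension using the corrected keys. The `FULL_TO_KEY` table is an assumed subset of the CEF dictionary, and the function names and sample record are constructed for illustration.

```python
import re

# Mapping lines quoted in the issue (before) and its proposed correction (after).
BEFORE = {"initiatorTransmittedBytes": "bytesOut", "responderTransmittedBytes": "bytesIn"}
AFTER = {"initiatorTransmittedBytes": "out", "responderTransmittedBytes": "in"}

# Assumed subset of the CEF dictionary: ArcSight full name -> CEF extension key.
FULL_TO_KEY = {
    "bytesIn": "in", "bytesOut": "out",
    "sourceAddress": "src", "destinationAddress": "dst",
    "sourcePort": "spt", "destinationPort": "dpt",
}

_KEY = re.compile(r"(?<!\S)(\w+)=")  # key= at start of string or after whitespace


def lint_mapping(mapping):
    """Return {source_field: (key_used, cef_key)} where a full name is used as a key."""
    return {f: (k, FULL_TO_KEY[k]) for f, k in mapping.items() if k in FULL_TO_KEY}


def escape_value(value):
    """Escape backslash, '=' and newlines as CEF extension values require."""
    text = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return text.replace("\r\n", "\n").replace("\r", "\n").replace("\n", "\\n")


def build_extension(record, mapping):
    """Render the mapped fields of one record as 'key=value key=value'."""
    return " ".join(f"{key}={escape_value(record[f])}"
                    for f, key in mapping.items() if f in record)


def parse_extension(ext):
    """Split an extension into {key: value}; values may contain spaces."""
    hits = list(_KEY.finditer(ext))
    fields = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(ext)
        raw = ext[m.end():end].rstrip()
        fields[m.group(1)] = re.sub(
            r"\\(.)", lambda e: "\n" if e.group(1) == "n" else e.group(1), raw)
    return fields


if __name__ == "__main__":
    sample = {"initiatorTransmittedBytes": 1234, "responderTransmittedBytes": 56789}  # constructed
    print(lint_mapping(BEFORE))
    print(build_extension(sample, AFTER))
```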