We send Discovery Events, Intrusion Event Packet Data, Intrusion Events & Intrusion Event Extra Data using the eStreamer client into our SIEM tool.
I cannot find the "Original Client IP" address field in my SIEM. Does the eStreamer client actually send this field?
I have it enabled in the HTTP pre-processor policy but don't see it listed as an option, and I see the field populated in the Intrusion Events tab.