Hi, we have a Stealthwatch 7 deployed. We send the events to QRadar and in QRadar we receive this kind of log: (...)<110>Mar 04 14:23:01 vap11039 StealthWatch[4925]: LEEF:2.0|Lancope|Stealthwatch|6.8|51|0x7C|src=10.90.7.10|dst=0.0.0.0|dstPort=|proto=...
Yes, but there is something strange. Taking logs in another way (if you need more technical detail I will ask my colleagues) we see these events: (...)<134>LEEF:2.0|Lancope|Stealthwatch|0x7C|src=10.90.5.157|dst=10.91.17.0|dstPort=7680|proto=tcp|msg=...
Okay, but what I don't understand is: if I look in the console I see these flows, and I think the flow of the event is the one highlighted in red in the attached image. If I am right, for every row in the console there is a log row, right? Thank you. P.S. Wh...