Extending Formats to Include Additional Information
By default, each format sends data according to the best practices of the corresponding SIEM vendor. You can enrich a format by adding fields to it.
Adding Custom Mapping
To enrich the format with more of the fields available in the Avanan UI events:
Select the Add custom mapping checkbox.
In the Custom mapping name field, enter a name for the new field.
From the Internal Event Field, select the field from which to take the value.
To add more custom mappings, select the Add another custom mapping checkbox.
For assistance in selecting the right internal field, contact Avanan Support.
Custom mapping is supported only for Syslog and JSON (Google UDM Compatible) formats.
Adding Custom Fields
To enrich the format with custom fields that have fixed values:
Select the Add custom field checkbox.
Enter the required Custom field name.
Enter the required Custom field value.