Mapping

A map is a collection of values and keys defined in a CSV or text file. You can enrich your data by using maps to add additional information to the incoming events from your source device. This additional information can be used for correlation and reporting.

You can create your custom maps in addition to the default maps available. You can use event mapping, which allows you to add additional data to an event by using data already present in the event and by referencing and pulling data from an outside source. For more information, see Event Configuration and Event Mapping.

NOTE:In order to do mapping, your configuration.xml file must be pointing to a communication server that has DAS_Binary and DAS_Core connected to it. This is normally the case by default, as long as the communication server and DAS processes are running.

The Mapping tab allows you to:

Mapping works together with the Referenced from Map Data Source setting for individual fields under Event Configuration. You can map by using a string or number range. The following are the default maps available:

To view maps in the GUI:

  1. Navigate to the Admin tab and select Map Data Configuration from the Navigation pane or click the Map Data Configuration button .

The main Mapping GUI displays a listing of all of the maps that have been defined for the system.

NOTE:Default Sentinel maps cannot be edited or deleted.

For trademark and copyright information, see Legal Notices.