Bug ID 1393761: ArcSight sends a series of '000000000' values in the remote log in case of Attack Signature Detected.

Last Modified: Jun 19, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3

Opened: Nov 03, 2023

Severity: 4-Minor

Symptoms

Series of 0's seen in Arcsight remote logs, in place of the Attack signature ID and Name.

Impact

Attack signature ID and Name is not seen in remote logs.

Conditions

Remote logging profile with ArcSight as logging format.

Workaround

Use Splunk format instead.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips