We're trying to integrate ATP syslogs with ArcSight SIEM. ATP syslog outputs contain both CEF and JSON formats, but ArcSight SIEM is able to parse only one format. So is it feasible for ATP to send only one format instead of sending both? This feature would be very useful, so we request you to kindly look into it.
We have already created a case with Tech Support regarding this. They also suggested that we generate an enhancement request.