In events which Integrated Cyber Defense Exchange (ICDx) collects from Data Center Security (DCS), the policy name sometimes is a hexadecimal value instead of an alphanumeric name. When that happens, the rule_uid field does not appear in the policy part of the event. This difference appears to occur intermittently. Within DCS database, the alphanumeric policy name is present rather than the hexadecimal, and the rule_uid appears.
Some events in DCS have a hexadecimal present in the rule_name field within DCS database. These constitute rules internal to DCS itself, not policies created by end users or administrators.
Subscribing will provide email updates when this Article is updated. Login is required.