Closed shapor closed 1 year ago
The correct UDM field is principal, not src, see https://cloud.google.com/chronicle/docs/unified-data-model/format-events-as-udm#specifying_nouns_entities
The correct UDM field is principal, not src, see https://cloud.google.com/chronicle/docs/unified-data-model/format-events-as-udm#specifying_nouns_entities