Hi Team we have two queries as mentioned below:
eventtype=cppm-fail-authentication cphost=* -->This gives me the list of failed authentication of users.
eventtype=cppm CPPM_Endpoint_Profile cphost=* hostname="*" * | table hostname,device_category, device_family, device_name, mac_vendor, mac_address, fingerprint, static_ip -->This gives me the profiling details of the device like, mac, ip, os type etc.
My requirement is that I want to combine both the queries so that we can get the device fingerprint details for failed authentication.
... View more