Previous Topic: IM ParticipantsNext Topic: Machine ID as Stored File or IM Event Participants

Network Integration GuideApplying User Policy to NBA EventsHow Are Participants Assigned to NBA Events?File Participants

File Participants

For files captured by or imported from the NBA, the event participants are derived from the IP addresses of the source and destination machines. For details about machine IDs as event participants, see the next section.

Output to socket

When the NBA outputs files via a socket connection to policy engines, it also passes the IP addresses of the source and destination machines. The policy engine then stores both addresses as event participants.

Output to disk

If the NBA runs in passive mode and outputs items to disk, when the files are subsequently imported Event Import can optionally assign the IP address of the source machine as the event participant. This is controlled by the ImpFile.ParticipantsFromNBAFilename import parameter.

More information:

Import Parameters