I don't believe there is an add-on for DAM; I looked a while back. I ended up creating my own props/transforms to extract all the fields. The fields DAM includes in its events are configurable as well, so my DAM logs may not have the same fields, or the same field order, as your DAM logs. But here's what I've been using:
props.conf:
# Sourcetype stanza for McAfee DAM events delivered as quoted, comma-separated lines.
# LINE_BREAKER, TIME_* and TRUNCATE take effect at parse time (indexer or heavy
# forwarder); KV_MODE, EXTRACT and REPORT take effect at search time.
[dam-2]
# One event per line: never merge lines, break on any run of CR/LF.
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
# Skip the first quoted field and its "," separator so timestamp parsing starts at
# the second field (the one the EXTRACT below names execTime).
TIME_PREFIX = ^"[^"]+?","
# Epoch seconds followed by three sub-second digits, i.e. epoch milliseconds.
TIME_FORMAT = %s%3N
MAX_TIMESTAMP_LOOKAHEAD = 15
# 0 disables line-length truncation, so long SQL statements are kept whole.
# NOTE(review): this also removes any upper bound on event size; consider a large
# finite value if oversized lines are a concern for your indexers.
TRUNCATE = 0
# No automatic key=value extraction; every field comes from EXTRACT/REPORT below.
KV_MODE = none
# Positional extraction: each field is identified only by its place in the line.
# - Every [^"]+ group needs at least one character; an event with an empty field
#   does not match and gets none of these fields.
# - The pattern expects the literal "."McAfee Database Security" after sid; events
#   from a differently configured DAM output will not match (field set is configurable).
# - sqlStmt and inflowSqlStmt are captured lazily up to the next ",". SQL text that
#   itself contains "," can end the capture early and shift the later fields, and
#   that text comes from the monitored database client. Confirm positional fields
#   against _raw before relying on them in alerts.
EXTRACT-mcafee_dam-2_fields = "(?<ruleNameRaw>[^"]+)","(?<execTime>\d+)","(?<id>\d+)","(?<sourceIP>[^"]+)","(?<osUser>[^"]+)","(?<execUser>[^"]+)","(?<execProgram>[^"]+)","(?<sid>[^"]+)"\."McAfee Database Security","(?<cmdType>[^"]+)","(?<sqlStmt>.+?(?=","))","(?<accessedObjectsRaw>[^"]+)","(?<clientId>[^"]+)","(?<module>[^"]+)","(?<action>[^"]+)","(?<spid>[^"]+)","(?<inflowSqlStmt>.+?(?=","))","(?<inflowObjectsRaw>[^"]+)","(?<database>[^"]+)","(?<agentHost>[^"]+)","(?<sourceHost>[^"]+)","(?<schema>[^"]+)"
# Split the three *Raw fields into multivalue fields (stanzas in transforms.conf).
REPORT-mcafee_dam-2 = mcafee_dam-2_ruleName, mcafee_dam-2_accessedObjects, mcafee_dam-2_inflowObjects
transforms.conf:
# Splits ruleNameRaw into the multivalue field ruleName.
# The regex runs against the ruleNameRaw field (from the props.conf EXTRACT), not
# against _raw; if that EXTRACT does not match an event, this yields nothing.
[mcafee_dam-2_ruleName]
SOURCE_KEY = ruleNameRaw
# Each run of non-pipe characters is one value.
# Presumably DAM joins multiple rule names with "|"; verify against your events.
REGEX = (?<ruleName>[^\|]+)
# Append every match instead of keeping only the first.
MV_ADD = true
# Splits accessedObjectsRaw into the multivalue field accessedObjects.
# The regex runs against the accessedObjectsRaw field (from the props.conf EXTRACT),
# not against _raw; if that EXTRACT does not match an event, this yields nothing.
[mcafee_dam-2_accessedObjects]
SOURCE_KEY = accessedObjectsRaw
# Each run of non-pipe characters is one value.
REGEX = (?<accessedObjects>[^\|]+)
# Append every match instead of keeping only the first.
MV_ADD = true
# Splits inflowObjectsRaw into the multivalue field inflowObjects.
# The regex runs against the inflowObjectsRaw field (from the props.conf EXTRACT),
# not against _raw; if that EXTRACT does not match an event, this yields nothing.
[mcafee_dam-2_inflowObjects]
SOURCE_KEY = inflowObjectsRaw
# Each run of non-pipe characters is one value.
REGEX = (?<inflowObjects>[^\|]+)
# Append every match instead of keeping only the first.
MV_ADD = true