TAXII Server Support
What's the status of TAXII support in v12? Am I able to use a TAXII server as a source when creating a custom feed to use in the context hub or as a threat feed for additional meta?
As DevOps, CI/CD, Cloud adoption, Infrastructure as Code adoption speeds up, being able to properly defend and detect against these workloads is getting more and more critical. I've seen the topic of Detection as Code cropping up more and more lately...
I have an event source (Airlock) that when configured is supposed to use the CEF Event Parser. However I've noticed that not all information is being parsed out of the event log. Is it possible to use the default CEF parser and then extend it with ad...
I'd be interested to hear how other people approach taking online threat reports that have detection rules for other products like Splunk and apply them to NetWitness. There is a lot of content for other tooling but not a lot for NetWitness so I'd li...
How do I create a log parser for log files that are in JSON format? All the resources I've seen and the Log Parser Tool seem to only deal with syslog style logs where the whole message is on a single line however the event source I need a parser for ...