The RSA Live Content team has published updates for 6 more Log Parsers that generate the largest number of "Unknown Message Defect" support cases. Earlier, in October 2016 (https://community.rsa.com/community/products/netwitness/blog/2016/10/12/log-parser-improvements), 15 parsers were published.
These enhancements are part of a strategic initiative to drive improvements to Log Parsers.
Benefits from these improvements result in:
To take advantage of these improvements you will need to download the latest versions of the parsers listed below from the Live Portal.
S.No. | Event Source | Log Parser | Improvements
--- | --- | --- | ---
1 | Fortinet FortiGate | fortinet | This parser has been redesigned to parse all event IDs generated by the event source. We have made the parser future-proof so that it parses newer event IDs that may be introduced in newer versions of the product. It can also accommodate New/Unknown tags, which significantly reduces the number of unknown messages.
2 | Microsoft Exchange Server | msexchange | This parser can now identify all Microsoft Exchange events coming in via Windows Collection.
3 | F5 Big-IP Application Security Manager | bigipasm | This event source has a structured log format and uses tag=value format. It has been improved to accommodate New/Unknown tags, which significantly reduces the number of unknown messages.
4 | Bit9 Security Platform | bit9 | This parser has been redesigned to parse all event IDs generated by the event source coming in via Syslog. We have made the parser future-proof so that it parses newer event IDs that may be introduced in newer versions of the product. This event source has a structured log format and uses tag=value format. It can also accommodate New/Unknown tags, which significantly reduces the number of unknown messages.
5 | Cisco IronPort Email Security Appliance | ciscoiportesa | This parser has been made future-proof to identify all events coming in via File Reader or Syslog.
6 | Trend Micro Control Manager | trendmicro | This parser has been redesigned to parse all event IDs generated by the event source. It has been made future-proof so that it parses newer event IDs that may be introduced in newer versions of the product. This event source has a structured log format and uses tag=value format. It can also accommodate New/Unknown tags, which significantly reduces the number of unknown messages.
The RSA Live Content team will be delivering similar improvements for more parsers over the next two quarters.