This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security Analytics Parser v2.0.zip

Anonymous
Not applicable
‎2014-10-01 10:00 PM

This version is no longer current, the latest version is Security Analytics Parser 2.1.63, Link below.

 

 

Attached is a log parser that will allow Security Analytics to consume its own logs and properly parse them.  This parser will also parse the syslog audit logs sent from the SA GUI.  There are ESA alerts, Reports, Investigation Meta Group, table-map-custom.xml and the Concentrator/Broker Custom indexes.  This parser works on 10.3.x and 10.4 (it will parse the messages common between 10.3x and 10.4x).  It does not contain new log entries from 10.4, like for the puppet service.

 

This version is much more comprehensive and parses the log events into proper meta keys and event categories.

 

I wrote this to help fill the audit gap that exists in SA and to help with system monitoring.

 

It also includes a list the event categories and the event parser lines to help with building reports, alerts and queries.

 

If you have an SA Log entry that is not getting parsed, send it to me and I will see about adding it to the next version.

 

Enjoy!

Security Analytics Parser v2.0.zip
Security Analytics Parser v2.0.zip
7 Comments
© 2022 RSA Security LLC or its affiliates. All rights reserved.