Hello BaptOnfroy
When looking for the Box device on supported NetWitness Integration guides webpage, I am not finding it.
Reference: Integrations - https://community.netwitness.com/t5/netwitness-platform-integrations/tkb-p/netwitness-integrations
As NetWitness collecting logs from the Box device is not supported and no one else is currently responding to say they have done this, then the options you have are the following.
1. Create your own Custom parser.
a. See the "Build Your Own Integration" topic on the NetWitness Community website. RSA Customer Support cannot help with writing a custom parser.
Reference: Build Your Own Integration - https://community.netwitness.com/t5/netwitness-platform-integrations/build-your-own-integration/ta-p/569322
b. Write Custom Log Parser Rules in the NetWitness UI, Configure > Log Parser Rules
Reference: Log Parser Customization Guide for 11.7 - https://community.netwitness.com/t5/netwitness-platform-online/log-parser-customization-guide-for-11-7/ta-p/654853
Other Log Parser Rules topics can be found on the NetWitness Community website with a URL like below.
https://community.netwitness.com/t5/forums/searchpage/tab/message?q=%22Log%20Parser%20rules%22&noSynonym=false&collapse_discussion=true
2. Let RSA Engineering know of your interest in having a future qualified parser for this device type by going to the NetWitness Community Ideas website to "Submit an Idea" to get NetWitness Product Management attention.
Click on "Submit an Idea" and describe the suggestion on the webpage, NetWitness Ideas - https://community.netwitness.com/t5/netwitness-ideas/idb-p/netwitness-ideas
This is the location where enhancement requests can be created, and also see what other Customers are suggesting. RSA Product Management monitors these suggestions and will consider the ideas that are most voted for by Customers.
