This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Lists in Report Rules

MichaelPochan
Beginner
Beginner

‎2017-01-24 04:56 PM

I'm attempting to create a rule that will ingest a list of partial hostnames and spit out their associated IPs based on DNS traffic traffic. 

 

pastedImage_1.png

 

When attempting to run it, I get the following error (Broker name and IP redacted)

 

pastedImage_3.png

 

I've gone through the logs and there are no more details. If there is only one line in the list, it works fine. However, when there are multiple values/lines in the list, I get this error. 

 

I assume I'm missing something obvious. 

0 Likes
2 REPLIES 2

JohnSnider
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2017-01-24 11:22 PM

can you post some samples what is in the list?

Are the list values quoted with single quotes?

MichaelPochan
Beginner
Beginner
In response to JohnSnider

‎2017-01-25 01:20 PM

Thank you! That was it. 

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.