2018-03-13 09:33 AM
Nothing quite fits parsing out the SHA2 value in the malware alert we receive. I see ioc is a meta value, but it looks like it's based on IPs and domains from a list.
2018-03-13 09:54 AM
Hi John,
I have moved this thread to the RSA NetWitness Suite space so that you can get an answer to your question.
You can post future questions and discussions directly to that community by clicking on the Ask a Question or Start a Discussion button on the RSA NetWitness Suite space page.
Thanks,
Jeff
2018-03-14 08:46 AM
Not clear as to your question... please provide a sample log and what you are trying to parse.
Is this a syslog message from the MA service that you are trying to parse? If so, please provide the syslog message. If it's from another system, please provide that syslog event.