NetWitness Community

ThomasJones1 · ‎2017-01-03

Does RSA have a OOTB alerts guide that describes the basic alerts and how they should be interpreted? Alerts - packet, logs and ESA.

EricPartington · ‎2017-01-03

https://community.rsa.com/docs/DOC-62341

Check out farther down the page... the written metavalues are described there (single sided udp, single sided up).

View solution in original post

EricPartington · ‎2017-01-03

Are you looking for descriptions of the OOTB ESA alerts or application rules and syntax or something else ?

https://community.rsa.com/community/products/netwitness/rsa-content

ThomasJones1 · ‎2017-01-03

Hi Eric,

Not quite... I am looking for a document to help interpret meta. Ex. single packet tcp, single packet udp. Just the generic items that I can provide to our customers to help them understand what the alerts mean and how to interpret them.

Tom J

EricPartington · ‎2017-01-03

https://community.rsa.com/docs/DOC-62341

Check out farther down the page... the written metavalues are described there (single sided udp, single sided up).

ThomasJones1 · ‎2017-01-03

Thanks Eric,

This is what I was looking for... just a side note. Ex. single sided tcp and single packet tcp. The ir.general module refers to it as single sided tcp... for the Palo source.

Tom J

NetWitness Community

OOTB Alerts Document