2016-11-29 05:48 PM
Hi Team,
I would like to know if I can make comparisons between two fields. This is in order to get the list of all those whose field A is in field B. Thanks
2016-11-30 04:19 AM
Hi
If you want to create new meta based on field1=field2, then you will need a Lua parser to do this for you.
If you want to create a report, then use the reporting engine to create a list, and then use this list in another reporting rule.
As an example.
Create a List called Interesting User = {Alice,Bob,Charlie,David} in the reporting engine.
Then you could have a reporting rule where User in "List Interesting User".
NWDB Rule Syntax - RSA Security Analytics Documentation
where <field1> [<field-operator>] <List1>: You can use a list in the where clause if you have multiple values to report on. For example, where ip.src exists && alias.host exists && alias.host contains $[User Reports/List of Alias Host]. When you use the list you must specify in the format $[<path>/<List name>].
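A sketch of the Lua parser route mentioned in the reply above, as an added example that is not part of the original posts or of RSA's documentation. It registers new meta when two fields in the same session hold the same value. The input keys user.src and user.dst, the output key alert, the registered value, and the case-insensitive comparison are all assumptions chosen for illustration.

```lua
-- Added example: flag sessions where two meta keys carry the same value.
-- Assumed keys: user.src and user.dst (inputs), alert (output).
local cmp = nw.createParser("field_compare_example",
    "Register meta when user.src equals user.dst in one session")

-- Declare the key this parser is allowed to write.
cmp:setKeys({
    nwlanguagekey.create("alert", nwtypes.Text),
})

-- Clear per-session state so values never leak between sessions.
function cmp:onSessionBegin()
    self.src, self.dst, self.flagged = {}, {}, false
end

-- Record a value for one field and test it against the other field.
-- Meta can arrive in either order, so both sides are remembered.
function cmp:check(value, mine, theirs)
    self.src = self.src or {}
    self.dst = self.dst or {}
    if not value or self.flagged then return end
    local v = string.lower(value)      -- assumption: ignore case
    self[mine][v] = true
    if self[theirs][v] then
        -- Assumed alert value; write it once per session.
        nw.createMeta(self.keys["alert"], "user_src_equals_user_dst")
        self.flagged = true
    end
end

function cmp:onUserSrc(index, value)
    self:check(value, "src", "dst")
end

function cmp:onUserDst(index, value)
    self:check(value, "dst", "src")
end

-- Run on session start and whenever either input key is registered.
cmp:setCallbacks({
    [nwevents.OnSessionBegin] = cmp.onSessionBegin,
    [nwlanguagekey.create("user.src", nwtypes.Text)] = cmp.onUserSrc,
    [nwlanguagekey.create("user.dst", nwtypes.Text)] = cmp.onUserDst,
})
```

The resulting alert value can then be used in a reporting rule like any other meta.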