This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Service Type Other numeric value

SajjadShahid
Beginner
Beginner

‎2017-10-31 12:50 PM

Hi,

I want to exclude OTHER in the service type result set, wondering what is the numeric code for it so that I can exclude it with service != ?? in the rule where clause.

Thanks in advance,

0 Likes
4 REPLIES 4

EricPartington
Employee
Employee

‎2017-10-31 01:04 PM

service!=0

SajjadShahid
Beginner
Beginner
In response to EricPartington

‎2017-10-31 01:09 PM

Thanks a lot, Eric.

Much appreciated!

0 Likes

ThomasFedorchuk
Occasional Contributor Occasional Contributor
Occasional Contributor

‎2017-10-31 01:16 PM

You can find the service "values" in the file /etc/netwitness/ng/index-decoder.xml.

 

Here is a sample snippet output of the file...

<key description="Service Type" level="IndexNone" name="service" valueMax="75" format="UInt32" defaultAction="Open">
<aliases>
<alias format="$alias" value="0">OTHER</alias>
<alias format="$alias" value="20">FTPD</alias>
<alias format="$alias" value="21">FTP</alias>
<alias format="$alias" value="22">SSH</alias>
<alias format="$alias" value="23">TELNET</alias>
<alias format="$alias" value="25">SMTP</alias>

SajjadShahid
Beginner
Beginner
In response to ThomasFedorchuk

‎2017-10-31 02:05 PM

Thanks a lot for the info, Thomas.

Much appreciated!

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.