NetWitness Community

Janejar1 · ‎2017-07-23

i have netwitness for log and have other product forward log to rsa

pls suggest step begin this solution (I'm new )

dineshpk · ‎2017-07-24

What Web Gateway do you have on your environment? Are you collecting those logs to SA?

Also you need to know about the web filtering policy implemented, based on that you can write a ESA rule to alert on that category.

Janejar1 · ‎2017-07-24

Thank you very much dinesh pk

- thank you again ^_^ i will to take follow you suggest

dineshpk · ‎2017-07-24

Below is a simple ESA logic you can use.

You can add up the filter based on the required categories defined by bluecoat (Symantec Category Descriptions ).

SELECT * FROM Event(
/* Statement: S1 */
(device_type .toLowerCase() IN ( 'cacheflowelff' ) AND filter .toLowerCase() IN ( 'pornography' ))
)
.std:groupwin(user_dst)
.win:time_length_batch(1 Minutes, 5)
GROUP BY user_dst
HAVING COUNT(*) >= 5;

Regards

Janejar1 · ‎2017-07-24

Thank you very much dinesh pk for your help me ^_^
PLS suggest how to use ESA logic to use implemented step by step .

now i to try learning and config . thank you again dinesh pk ^_^

NathanGetty · ‎2017-07-24

Try reading the RSA documentation. It's much faster than looking at user comments.

Click the "?" in the ESA menu for more information.

NetWitness Community

So i want to write rule for monitor or alert client is go to website adult video