2014-02-24 10:23 AM
OK, I have successfully created several custom feeds for things like bad IP or Bad Domain. Now I have to keep these feeds up-to-date on a regular basis. Can I just recompile the .feed file and upload it and the CSV file to the decoders, then restart the decoder service? Are there better ways of doing this? I ultimately want to automate this process as much as possible; any suggestions in this area would be appreciated. Attached are examples of the XML and the CSV.
Phil
2014-02-24 12:56 PM
Are you using Security Analytics? If so, they already have a built-in method of doing this. You just need to add the feed as a recurring task and host the CSV somewhere that you can give access to SA. This way you can just update the CSV and it will update on its own.
2014-02-24 01:12 PM
Thank you for the response. I am using NetWitness 9.8.1.5, so I am not sure if that technology still applies. My documentation tells me I need to create XML files like the one attached and then provide the CSV of the content I want to tag. I then use the nwconsole to create a .feed file out of the two. After that I just upload the feed to the decoder and restart the decoder service. If you know another way to do this with my version of NW, I would love to hear it.