This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

What is the difference between original alerts and normalized alerts ?

Go to solution
susui
New Contributor New Contributor
New Contributor

‎2022-12-12 08:54 PM

Hi,

 

In the version of 12.1.0.0 of NetWitness,
in Respond, there are original alerts and normalized alerts.
Simply speaking, what is the difference between original alerts and normalized alerts ?

 

Regards,

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Eswar
Contributor Contributor
Contributor

‎2022-12-16 08:45 AM

Hi @susui 

Original alerts are basically raw alerts respond receives from ESA. 

Once the raw alert comes into respond, it goes through a process called normalization which is basically mapping fields from raw alert to user known meta keys. The end alert info you see in UI is normalized alert data.

 

You can refer this - https://community.netwitness.com/t5/netwitness-platform-online/configure-custom-respond-server-alert-normalization/ta-p/669575

 

 

View solution in original post

0 Likes
1 REPLY 1

Go to solution
Eswar
Contributor Contributor
Contributor

‎2022-12-16 08:45 AM

Hi @susui 

Original alerts are basically raw alerts respond receives from ESA. 

Once the raw alert comes into respond, it goes through a process called normalization which is basically mapping fields from raw alert to user known meta keys. The end alert info you see in UI is normalized alert data.

 

You can refer this - https://community.netwitness.com/t5/netwitness-platform-online/configure-custom-respond-server-alert-normalization/ta-p/669575

 

 

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.