This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Where to download the epolicy parser?

ShellyFan
Beginner
Beginner

‎2017-06-23 03:38 PM

hi, Team

we would like to log the EPO Server to RSA. According to your guide - RSA Security Analytics
Event Source Log Configuration Guide-McAfee ePolicy Orchestrator. 

"If you do not see your parser in the list while performing this procedure, you need to
download it in Security Analytics Live.". But I can't find it neither in the RSA Live nor RSA Link. Could you please help to provide the "epolicy parser"? We need it as soon as possible.

pastedImage_1.png

Many Thanks,

Regards,

Shelly

0 Likes
4 REPLIES 4

JacobDorval
Beginner
Beginner

‎2017-06-23 03:55 PM

Hi Shelly,

From the RSA NetWitness UI please navigate to Live -> Search.  In the search criteria section on the left of the screen, type in 'epolicy' and click search.  You should then see the content on the right in my screenshot below.  

 

epolicy.png

 

From here you can select the epolicy parser, subscribe to it if you want automatic updates in the future, add it to a deployment group and push it out to your Log Decoder.  Once it is pushed to your Log Decoder you should be able to enable it using the instructions in the screenshot you provided above.

 

I hope this helps!

0 Likes

ShellyFan
Beginner
Beginner
In response to JacobDorval

‎2017-06-23 04:03 PM

Hi, Jacob,

 

Thanks a lot for the prompt reply.

Here is what I got. Which one is the parser?

 

Preview file
94 KB
Preview file
1 KB
Preview file
1 KB
0 Likes

JacobDorval
Beginner
Beginner

‎2017-06-23 04:09 PM

No problem, Shelly.  The top one is the actual parser and the second one is the log collector configuration content.  No harm in selecting them both and pushing them both out within your environment.

0 Likes

ShellyFan
Beginner
Beginner
In response to JacobDorval

‎2017-06-23 04:12 PM

Hi, Jacob,

 

I think I am good for this issue. Just recognize that find the wrong place. Now I saw the epolicy now.

 

Thanks a lot for the help.

Many Thanks,

Regards,

Shelly

 

 

Preview file
1 KB
Preview file
24 KB
Preview file
1 KB
0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.