RSA NetWitness Log Parser Creation

ConnorMccarthy

on 2018-03-09 10:07 AM

On-Demand Lab Details

Register

To register for a class, you first need to create a Dell Education account.

If you need further assistance, contact us.

Summary

This On-Demand lab will provide students with the information and a virtual environment to practice creating and deploying log parsers within RSA NetWitness.

 

Overview

This On-Demand lab will provide students with the information and a virtual environment to practice creating and deploying log parsers within RSA NetWitness. Students will be introduced to reviewing the metadata framework, creating log parsers using the NetWitness Log Parser Tool (LPT), and deploying log parsers within RSA NetWitness Logs.


Audience

SE, PS, CS, Customer, Partner


Delivery Type
On-Demand Lab (self-paced eLearning with lab)


Duration
4 hours
Note: RSA University’s on-demand lab environment is provided for 10 hours of overall practice time over a 14-day period.


Accessing the Lab Environment
Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment. For more information, please view the document Access RSA University Virtual Labs, available on the RSA University site:

RSA University Content


Prerequisite Knowledge/Skills

  • RSA NetWitness Logs & Network: Foundations
  • RSA NetWitness Logs & Network Core Administration

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the RSA NetWitness Logs & Network log data flow
  • Describe the role of parsers in RSA NetWitness Logs & Network
  • Describe the process used to create and deploy log parsers
  • Create a Log Parser using the Event Source Integrator (ESI) Tool
  • Deploy a Log Parser for use in RSA NetWitness Logs & Network
  • Modify service configuration files to add custom meta keys
  • Modify Security Analytics to receive file-based logs from devices not currently supported

 

Course Outline
Log Data Collection

  • The flow of log data
  • The Log Collector service
  • Configuring Log Decoders
  • Log Decoder meta generation
  • Log data processing
  • Service configuration files
  • Index files
  • Meta key definition


Introduction to Parsers

  • What is a parser?
  • Parser types
  • What is a log parser?
  • Deploying log parser content
  • XML device format
  • Parsing an XML file
  • Steps to create a log parser

 

Creating a Log Parser using the NetWitness Log Parser Tool (LPT)

  • What is the LPT?
  • LPT features and interface
  • Defining headers and message IDs
  • Defining variables
  • Defining the message event category
  • Deploying the parser

 

 

 

 

On-Demand Lab Details

Register

In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us

  • 10.6
  • 11
  • 11.x
  • Admin
  • content expert
  • creation
  • Ed Services
  • education
  • Education Services
  • english
  • expanding
  • fee
  • lab
  • log
  • log parser creation
  • logs & network
  • logs and packets
  • NetWitness
  • netwitness training
  • NW
  • NWP
  • on demand lab
  • on-demand
  • on-demand lab
  • online
  • Parser
  • Product Training
  • rsa
  • RSA NetWitness
  • rsa netwitness log parser creation
  • RSA NetWitness Platform
  • RSA NetWitness Training
  • RSA University
  • RSAU
  • training
  • Training Course
  • university
  • Version 11
Was this article helpful? Yes No
0 Likes
Version history
Last update:
‎2018-03-09 10:07 AM
Updated by:
ConnorMccarthy Beginner
Contributors
  • ConnorMccarthy
    ConnorMccarthy
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.