Hi Deepanshu, The parser needs to be changed to be a "content 2.0"
parser.If it doesn't use any content 1 tables, it is a simple
modification of the xml fileIn the "VERSION" tag, just change device=""
to device="2.0" .To create a package that can be ...
If the OOTB meta keys domain.src and domain.dst are not suitable in your
environment, you can add new custom meta keys such as emaildomain.src
and emaildomain.dst (to the "index-concentrator-custom.xml" file) and
modify the lua parsers accordingly. P...
First create the parser files (with extension .lua) on your local
machine from which you use the browser to connect to the SA GUI. In the
Security Analytics menu, select Administration > Devices.In the Device
grid, select the Decoder or Log Decoder d...
One approach is to have a post-processing parser that extracts the
domain (after the @) from the email.src/email.dst meta values and put it
into new (or existing) meta keys (e.g. domain.src/domain.dst). See below
for some prototypes of such parsers i...