Dears, I intend to create an alert in ESA in which the statement
condition is based on action meta.what I'm looking for is to get this
alert triggered for this event: Given a specific device type and
whenever a user initiate an action statement like:...
Dear Lee. I believe this command is to be used in an advanced ESA rule:
SELECT * FROM Event WHERE action.anyOf(i => i.contains("This is your
value to query")) Can you provide something similar to use in a basic
ESA rule and in Netwitness/Warehouse ru...
Thanks Lee This needs to be implemented in an advanced ESA rule right?
is it possible to make it in basic ESA rule or Netwitness alert just to
get going until I'm properly versed in EPL. Regards,
Thanks man I will check it out (I already have an EMC account) but I
suppose these are paid E-learning courses?Can you share some free
documentation or videos it would be much appreciated? Regards,HANI
How can I use this in the Netwitess or ESA rule in which field I need to
insert it: SELECT * FROM Event WHERE action.anyOf(i =>
i.contains("select * from tablespace")) and what does Event refer to.
Yeh this is working for me.However this issue I'm facing lies in the
fact that I want to filter those logs that contain specific field in the
action meta key like 'table called 'audit' or 'xyz' wherein my action
key has meta value like: select * from...
