The 'NetWitness-ArcSight_Integrations' Zipped archive will contain
documentation, required references and import files to create
integrations between ArcSight ESM and NetWitness. It is broken down into
three main integrations: Right-Click lookup funct...

UPDATED 2-1-2017 to Version 0.4. Changelog: 1-20-2017 (0.2): Added
capability to auto-populate all appliance IP addresses. Substitute
"autoiplist" rather than user defined iplist. See help for more
information. Also fixed help file (previous typo). Re...

This is a quick video that covers the following topics: Using Explore to
disable identical sets of parsers from one Log Decoder to another to
keep an environment synchronized. Using Explore to compare two
like-services (just a byproduct of the above). Us...

I've added a blog post regarding a script that may come in handy for you
SA Architects and Admins out there: Script to Compile SA Inventory and
Configuration Information (SA_Enviro_Check.sh). 2-1-2017: The script has
been updated with a DRAC Firmware ...

Certain Decoders may have ended up with a RAID0 array due to a bug that
temporarily existed in certain versions of the nwrarraycfg script.
Instructions on how to check and fix can be found at the following link:

Any meta that was associated with the sessions comprising the alert is
eligible to be called by FreeMarker. Below is an example of a CEF Syslog
output I built as part of an integration with ArcSight last
year: <#include "macros.ftl"><#list events as ...

I believe feeds are applied before App Rules. Feeds should be applied
right after the parsing stage, so you're able to refer to meta generated
by them in App Rules. Note that App Rules are run in top-down fashion,
like a firewall rule chain, so app r...