Hello, We are experiencing ESA sessions behind with 11.3+ ESA and would
like to seek advice of community on how to handle the issue. You can see
previous thread covering 10.6 here:
https://community.rsa.com/message/929061 Following RSA guide to reset...
Good afternoon, I am working on LUA script on top of proxy parsers to
extract ports from url's among other things.I have an issue working with
integers, while strings are extracted properly.Not to post full script
here are the main parts, which work ...
Hello Lee, Thanks for the tip, but output first + "select * from Event"
will suppress all events and in output I will have only the first event
from the chain (somehow even if you are using.win:time_length_batch(60
minutes, 3)):Esper rule output:Inse...
Hello Lee,Thank you for your post it was very helpful! I was trying to
achieve same results in means of output and suppression, however my
pattern was different. All was fine except somehow 24 hour suppression
was not working properly. My pattern for...
Hello William,Thanks for the tip, did some modifications now the
destination ports are extracted from url's properly. Handy for ftp over
http extractions for
example.Definition:nwlanguagekey.create("ip.dstport", nwtypes.UInt16)And
additional check + ...
Hello Drew,First you change variable type of meta 'error' to string
array: 000032359 - Changing ESA Variable Type in RSA Security Analytics
10.5 Then you use default string array operators with this meta: ALL,
ANY, etc: Chapter 9. EPL Reference: Oper...
