Howdy all. Just recently created two custom feeds. One is IPs , the
other attempt is unique domain names going into custom meta. The domain
names are not being indexed, and no errors are seen on my log decoder.
For the most part, i followed this:
htt...
Howdy, Sorry if this is a stupid question but going ask anyway! Today we
ran into an issue where an ODBC trace file got corrupt, we didnt really
know until i just so happened to be poking around /var/log/messages on
another issue and saw this bad boy...
Howdy, SA/NW Version: 10.6.1.0Hybrid Con/Dec/Collector. We are having an
odd issue that just started happening last week (after we updated some
parsers from Live). During the day(s) our aggregation from our log
decoder on our concentrator gets ridicu...
Version SA 10.6.1 - This might be a stupid question but, is it possible
to setup a recurring custom live feed with a single column (list of IP
addresses). Example could be something simple like this IP list;
https://rules.emergingthreats.net/blockrul...
Howdy, We are on 10.6.1 and have been creating rules and alerts (in the
reporting engine). We normally pick our hybrid (logs) concentrator as
the data source (on the alert). This was working fine...now all of a
sudden we get a error message with the ...
Hey Eric, Sorry for a late reply. Yeah, i can give a snippet of the
original feed data from OTX (pre adjusting data to NW feed). Since this
is public API stuff, no big deal. https://file.io/45PGV6 <-just a .zip
file , no tricks. lol. So i did test th...
I tried restarting the nwconcentrator service and uhhh it got really mad
about that. Throwing lock errors all over the place. So i ended up
rebooting the Hybrid box altogether and the problem magically went away.
Crappy solution but i do have a case ...
