Hi community, We are currently working with a customer who needs to
integrate into Netwitness the results of some reports generated by a
database auditing tool. These reports are files in CSV format. Within
these reports, we have different columns an...
Dear Community, I'm trying to write an ESA rule to trigger when the
customer gets 10 error 500 and 10 error 400 for a Web Service in 5
minutes. The thing here is, the customer wants the rule to trigger the
alert regardless of how the events arrive, f...
Hi community! I have done some research in the log collector, and I have
found some config files under
how the log collector transforms the incoming SNMP traps based
I've a customer who has deployed the "user login baseline" rule into the
ESA. What we need to know is the statistics taken by ESA for each
user. In 10.x we had esa-client, now I don't know if we have that tool to
check cep memory tables. Any suggestio...
Hi Community, I'm currently working on a custom parser for a customer
and I realize the time date of the event is provided in Zulu format. I
need to know how to properly parse it, because there is nothing
documented on the NLPT User Guide about that k...
Hi Niels, you could take a look at this article
I don't really know if the nwll.lua file in there is the same version as
is currently deployed in NW 11.x but, you can take a lo...
Hi EduCarbonell! Thank you so much for helping with this rule. The
syntax of your rule seems to work if I don't care about the amount of 4xx
or 5xx errors. For example, your rule seems to match if there are 20
errors 4xx, 10 4xx and 10 5xx or 20 5xx. ...