How do I create a log parser for log files that are in JSON format? All
the resources I've seen and the Log Parser Tool seem to only deal with
syslog style logs where the whole message is on a single line however
the event source I need a parser for ...
Going through the behaviour, indicator and enabler of compromises I have
a lot of false positives. What's the correct procedure for filtering
those false positives so I'm not jumping at shadows every day?
Has anyone been succesful in detecting scans like nmap scans, port
scans, vuln scans etc? The first time I tried using an ESA rule from RSA
Live it basically exploded NetWitness with false positives and I never
went back to look at it. We're now gett...
In reading this post on building a small NetWitness deployment for
testing and experimention
https://community.netwitness.com/t5/netwitness-community-blog/tips-to-build-small-rsa-netwitness-platform-virtual-hosts/ba-p/520873
I couldn't see any refere...
Hello, I'm attempting to create a log parser for our web proxy that
doesn't have a parser already for it. I've watched the YouTube series on
log parser creation created by @DaveGlover . In the section about
creating the header I need some assistance ...
I have a similar situation with OpenCTI and MISP. The only way I've
found is to export the indicators as a CSV file and host it on a
webserver somewhere, then import that as a custom feed into NetWitness
as a recurring feed.
Hi @AhteshamPatel thanks. Looks like I misunderstood I thought this one
was being deprecated Azure Monitor Event Source Configuration Guide -
NetWitness Community - 570256
