In reading this post on building a small NetWitness deployment for
testing and experimentation
I couldn't see any refere...
Hello, I'm attempting to create a log parser for our web proxy that
doesn't have a parser already for it. I've watched the YouTube series on
log parser creation created by @DaveGlover. In the section about
creating the header I need some assistance ...
Some time ago there was a script posted to get the retention times of
the various NetWitness databases. One of the options was to output the
script to syslog. I was curious if anyone has thought of/done sending that
syslog to the Kibana on new health and...
Actually maybe I can use the CEF parser. I just opened the cef_v2.xml
file from one of my decoders in the LPT tool and then opened a sample of
log files. It seems to map the header correctly. I guess the next
question would be, what's the next step t...
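The check being made above (does the CEF header map correctly?) is easy to reproduce outside the LPT. The following is an added example, not code from the poster or from the NetWitness cef_v2.xml parser: a stand-alone parser for the standard CEF layout, `CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension`, that honours the two escaping rules a naive `split("|")` gets wrong (backslash-escaped `|` and `\` in the header, backslash-escaped `=`, `\`, `\n`, `\r` in the extension). The sample lines are constructed for the example and do not come from any real proxy.

```python
"""Stand-alone CEF (Common Event Format) parser: header split plus extension key=value parse."""
import re
from typing import Any, Dict, List

# Seven header fields that precede the free-form extension.
CEF_HEADER_FIELDS = (
    "cef_version", "device_vendor", "device_product",
    "device_version", "signature_id", "name", "severity",
)

# Escape sequences allowed in the header and in extension values respectively.
_HEADER_ESC = {"|": "|", "\\": "\\"}
_EXT_ESC = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}

# An extension key is a run of key characters directly followed by '=' and
# preceded by start-of-string or whitespace; the lookbehind leaves the space unconsumed.
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

# Constructed sample input (not real device output). Raw strings keep the backslashes literal.
SAMPLE_LINES: List[str] = [
    r"Jan 18 11:07:53 proxy01 CEF:0|Vendor|Web Proxy|1.0|100|Request blocked|5|"
    r"src=10.0.0.5 dst=93.184.216.34 request=http://example.com/login?next\=/admin act=block",
    r"CEF:0|Acme\|Corp|Proxy|2.1|200|Denied \| policy|7|",
]


def _unescape(value: str, specials: Dict[str, str]) -> str:
    """Resolve backslash escapes listed in `specials`; leave other backslashes untouched."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value) and value[i + 1] in specials:
            out.append(specials[value[i + 1]])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _split_pipes(text: str, n: int) -> List[str]:
    """Split on the first n unescaped '|' characters; everything after is the last element."""
    parts, cur, i = [], [], 0
    while i < len(text) and len(parts) < n:
        c = text[i]
        if c == "\\" and i + 1 < len(text):      # keep escape pair intact for later unescaping
            cur.extend((c, text[i + 1]))
            i += 2
        elif c == "|":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    parts.append("".join(cur) + text[i:])
    return parts


def parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'k1=v1 k2=v2 ...' where values may contain spaces and escaped '='."""
    out: Dict[str, str] = {}
    matches = list(_EXT_KEY.finditer(ext))
    for m, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip(), _EXT_ESC)
    return out


def parse_cef(line: str) -> Dict[str, Any]:
    """Parse one syslog line carrying a CEF message; raise ValueError if it is not CEF."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no 'CEF:' marker in line")
    parts = _split_pipes(line[idx + 4:], 7)
    if len(parts) != 8:
        raise ValueError("CEF header has fewer than 7 pipe-delimited fields")
    record: Dict[str, Any] = {"syslog_prefix": line[:idx].rstrip()}
    for name, raw in zip(CEF_HEADER_FIELDS, parts[:7]):
        record[name] = _unescape(raw, _HEADER_ESC)
    record["extension"] = parse_extension(parts[7])
    return record


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_cef(sample))
```

Feeding real proxy output through `parse_cef` and comparing the header fields against what the LPT shows is a quick way to confirm the mapping before moving on to the extension keys.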
I created a CSV recurring feed that generates meta into the 'feed.name'
meta key. Then I created an ESA rule that alerted on the existence of
the feed.name key. I thought I could create a simple context hub list
since I only have 1 IP I want this ale...