In this video we cover some ESA EPL alerting basics and cover the EPL
TryOut tool to help us better test our ESA alerts by creating our own
schema and "injecting events" into our Event window.
Notes below from the video presentation... Traditionally, ESA
aggregation has been an "all or nothing" approach. That is, we had no
way to provide ESA just the necessary events that are relevant to the
ESA Rules deployed on that ESA service. RSA NetW...
Although the RSA NetWitness platform gives administrators visibility
into system metrics through the Health & Wellness Systems Stats Browser,
we currently do not have a method to see all storage / retention across
our deployment in a single instance ...
This video covers the Rate Limiting feature within RSA NetWitness
Endpoint. The video covers rate limiting on the custom flat file
collection policy configured in the video linked below. However, rate
limiting can be added to any of the policies. Pre...
In the following video we go through the steps to configure RSA
NetWitness Endpoint Agent (Insight mode) to collect a custom flat file
from a Windows server. This would allow us to replace the use of the RSA
SFTP Agent. Instead of SFTP data over to o...
I haven't worked with customers doing this today, however, it is
definitely a viable approach. That is, using one ESA with targeted data
aggregation (filtered data) with advanced analytical use cases deployed.
Then using another that receives all dat...
Yes, there is no cleanup operation that sets the standby that became
primary then went back to standby. It'll still show all the services but
should not be used as Primary will keep pushing snapshot data to the
Secondary for future failover(s).
Jeremy, Looks like you found a bug… I did the following updates and
please see my notes about the index vs meta below as well. Updates: 1.
Fixed the bug with date calculations that have no ‘days’ 2. Added
support for Log Retention Hybrid (new model) ...
What is your session.oldest.file.time? And what is your time.begin and
time.end? The index data can be viewed under “index -> stats” in
Explore. The script calculates all index, session and meta times then
concludes retention based on the shortest ti...
