Hello All - Looking for some insights on how correlated rules work in
NextGen... Specifically, I have a correlated rule configured (see Figure
1) which fired at 23:05 and again at 23:11 relative to the data in
Figure 2 (or, alternately, Table 1). Sin...

Hello All - Running NetWitness v126.96.36.199... if I want to deploy an XML
parser (that does not create custom meta, but that does use existing
meta) what do I need to do beyond save the parser file on the decoder?
I'm assuming that the parser is working ...

Hello All - Running Informer 188.8.131.52 and would like to create an alert
only when a certain event exceeds a threshold. For example HTTP GET
sessions to a Web server is greater than x/per minute. I've tried using
the 'min_threshold' rule action, but th...

Hi Fielder - I might have a hit on this, but it could be a false
positive. I'd like your analysis but prefer not to post it for all to
see at this point in time. Can you follow me / message me directly so I
can send it to you for further analysis? Tn...

Thanks for the insights Johannes! Between yours and Fielder's advice,
here is what I came up with on NextGen... In index-decoder.xml I added
the following line: In
index-concentrator.xml I added the following line: Note especially that (a) I had

Thanks Fielder - Any insights if I'm using 184.108.40.206? Our environment is
small enough that we don't have a broker, so all I need is how to tackle
this on the decoder and the concentrator. I don't see an
index-custom.xml file... can I just make the chan...