Lee Kirkpatrick

Everything is PossiEPL

Blog Post created by Lee Kirkpatrick Employee on Oct 12, 2016

Event Processing Language is utilised within the NetWitness Event Stream Analysis (ESA) component. This language is what allows us to write advanced correlation rules to detect and thwart the advanced threats we face on a constant basis; it allows us to make sense, to organise and sift through the copious amounts of metadata which is produced on a daily basis.

 

EPL can seem a little daunting upon first glance, but understanding a few basic principles will allow you to create a plethora of use cases - I have created a document to better understand those principles, to extend my knowledge, and hopefully yours as well:-

 

 

Enjoy!

Outcomes