000012268 - Creating and Deploying Custom Feeds Using RSA NetWitness Live Manager 2.x

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012268
Applies ToRSA NetWitness NextGen
RSA NetWitness Live Manager
RSA NetWitness Live Manager 2.x
IssueCreating and Deploying Custom Feeds Using RSA NetWitness Live Manager 2.x.
How to create and deploy custom feeds in NetWitness Live Manager.
How do I create and deploy a custom feed?
Resolution

Technical Note:  Below are the supported range types for the index field of the feed definition xml file:
Type 1:  None - Do not specify a range parameter if your csv file contains only individual IP addresses in its index field.
Example XML:
                    <Field index="1" type="index" />
Example CSV:
                    10.0.2.5,MainOffice,Servers
Type 2:  range="cidr" - Use this syntax to denote CIDR notation in your csv file.  If using this, individual IP addresses in your csv file must specify /32.
Example XML:
                    <Field index="1" type="index" range="cidr" />
Example CSV:
                    10.0.0.0/24,MainOffice,Servers

                    10.0.1.0/25,MainOffice,PCs

                    10.0.2.5/32,MainOffice,Servers
Type 3.  range="low" and range="high - Use this syntax when using two index fields to denote a range of IP addresses.
Example XML:
                    <Field index="1" type="index" range="low"/>

                    <Field index="2" type="index" range="high"/>
Example CSV:
                    10.0.0.0,10.0.0.255,MainOffice,Servers

                    10.0.1.0,10.0.1.255,MainOffice,PCs
Note: when IP addresses are expected in CSV file, only individual IP addresses or CIDR notations are allowed, no other values are allowed.


Type 4.  Metacall back


See attach example files domain_alert.csv and domain_alert.xml


                                     examplefeed-metacallbacks.xml 
                                     examplefeed-metacallbacks.csv


 Notice:


For more detailed explanation of Feeds and how you may view it in Investigator. Please see the Feeds Document attached to this solution.


a59743examplefeed.csv

Notes

For additional information on creating and deploying custom feeds, refer to the documents below.


a59743Deploying%20Custom%20Feeds%20With%20Live%202.0.pdf


a59743examplefeed-metacallbacks.csv


a59743examplefeed-metacallbacks.xml


a59743DeployingCustomFeedsLive%202.1.


a59743domain_alert.csv


a59743domain_alert.xml


a59743FrequentlyAskedQuestionsFeed1.pdf


a59743FeedsDocument.docx


a59743Custom_Feeds.pdf

Legacy Article IDa59743

Attachments

    Outcomes