RSA NetWitness Lua Parsers for Logs

Document created by Connor Mccarthy (Employee) on Oct 27, 2017. Last modified by Connor Mccarthy (Employee) on Apr 26, 2018.
Version 9


In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Summary

This On-Demand Learning course will provide students with an overview of creating custom log parsers for RSA NetWitness using Lua.

 

Overview
This On-Demand Learning course will provide students with an overview of creating custom log parsers for RSA NetWitness using Lua. Students will cover topics such as when to use a custom parser, the components of a Lua parser, how to create a Lua parser for logs, and basic troubleshooting.


Audience

Customer, PS, CS, ES, Partners


Delivery Type
On-Demand Learning (self-paced eLearning)


Duration
1 hour

 

Prerequisite Knowledge/Skills

Knowledge of the following is required for attending this course:

  • Familiarity with general programming concepts, including local and global variables, conditional logic (if, then, else) and program loops (while, do), is highly suggested but not required
  • Use of a source code editor (such as Notepad++)
  • Basic understanding of the grep command in Linux
  • RSA NetWitness for Logs & Network Introduction – eLearning
  • RSA NetWitness for Logs & Network Foundations ILT
  • RSA NetWitness Logs Parser Overview eLearning
  • RSA NetWitness for Logs & Network Lua Parsers - eLearning

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Identify when the use of Lua is necessary for parsing and creating custom content
  • Understand and explain the use of RSA NetWitness meta callbacks
  • Understand and explain the use of nw.getPayload(), tostring() and nw.LogInfo() functions
  • Understand and explain the use of basic Lua string pattern-matching
  • Create a custom log (device) parser for a supported event source using a Lua parser
  • Test a Lua log parser for use in RSA NetWitness for Logs
  • Deploy a Lua log parser for use in RSA NetWitness for Logs
  • Perform basic troubleshooting of a Lua log parser

 

Course Outline

  • Log Data Collection
  • When to use Lua for Log Parsing
  • Components of a Lua Parser for Logs
  • Creating Custom Log Parsers
  • Basic Troubleshooting
