Deploy Log Parsers in NetWitness 11.x

Document created by RSA Information Design and Development on Nov 9, 2017. Last modified by RSA Information Design and Development on Apr 25, 2018.
Version 34

This procedure describes how to deploy Event Source Log Parsers from Live in NetWitness 11.x.

  1. Go to CONFIGURE > Live Content.
  2. Browse Live for the Event Source Log Parsers that you need using Log Device as the Resource Type.

    The Event Source Log Parsers available for adding and updating display.

  3. Select the Event Source Log Parsers you want to deploy.

    You have the following two options when deploying Event Source Log parsers:

    • Individually. You can select one or more Event Source Log Parsers to deploy.

    • Or as a bundle. Choose Bundle from the Resource Types, click Search, then select the Log Parser Pack that contains all Event Source Log Parsers that Security Analytics currently supports.
  4. Deploy the Event Source Log Parsers to the appropriate Log Decoders.