Deploy Log Parsers in Security Analytics 10.x

Document created by RSA Information Design and Development on Nov 9, 2017Last modified by RSA Information Design and Development on Nov 15, 2018
Version 59Show Document
  • View in full screen mode
 

This procedure describes how to deploy Event Source Log Parsers from Live in Security Analytics 10.x.

  1. From the Security Analytics menu, select Live > Search.
  2. Browse Live for the Event Source Log Parsers that you need using RSA Log Device as the Resource Type.

    The Event Source Log Parsers available for adding and updating display.

  3. Select the Event Source Log Parsers you want to deploy.

    You have the following two options when deploying Event Source Log parsers:

    • Individually.  You can select one or more Event Source Log Parsers to deploy. For example:

    • Or as a bundle. Choose Bundle from the Resource Types, click Search, then select the Log Parser Pack that contains all Event Source Log Parsers that Security Analytics currently supports.
  4. Deploy the Event Source Log Parsers to the appropriate Log Decoders.
You are here
Table of Contents > Deploy Log Parsers in Security Analytics 10.x

Attachments

    Outcomes