|Applies To||RSA Product Set: Security Analytics, NetWitness Logs & Packets|
RSA Product/Service Type: Decoder
RSA Version/Condition: 10.6.x
O/S Version: 6.x
|Issue||There is no way in the RSA Security Analytics UI to create a feed that places values into a source and destination language key.|
|Resolution||Steps for creating a feed with a source and destination representation |
The full steps for creating a Custom Feed can be found in the RSA Security Analytics documentation.
Below are the steps to editing the XML file.
In the UI when you are creating a custom feed, the first screen that displays is the define feed screen. Once the Feed is given a name and the .csv file is uploaded there is a drop down menu that you can select that is labeled Advanced Options, select this. The .csv file has IP addresses and the locations. An option to insert a XML Feed file will display and you will need to upload the file. Below is an example of a XML file that is used to denote what the source and destination IP addresses are.
The name that I have given the Feed in the UI is the same name that the name is in this XML file and this name is CustomFeed. The path in the XML file is the name of the .csv file that was used in the UI. In this example the meta keys Location.dst and Location.src will have to be created.
|Notes||When using cider notation it must be defined in the XML file under the Field tag for example (below)|