RSA NetWitness Log Parser Creation

Document created by Connor Mccarthy (Employee) on Mar 9, 2018. Last modified by Connor Mccarthy (Employee) on Aug 8, 2018.
Version 14

On-Demand Lab Details

Register

In order to register for a class, you need to first create an EMC account.

If you need further assistance, contact us.

Summary

This On-Demand lab will provide students with the information and a virtual environment to practice creating and deploying log parsers within RSA NetWitness.


Overview

This On-Demand lab will provide students with the information and a virtual environment to practice creating and deploying log parsers within RSA NetWitness. Students will be introduced to reviewing the metadata framework, creating log parsers using the NetWitness Log Parser Tool (LPT), and deploying log parsers within RSA NetWitness Logs.


Audience

SE, PS, CS, Customer, Partner


Delivery Type
On-Demand Lab (self-paced eLearning with lab)


Duration
4 hours
Note: RSA University’s on-demand lab environment is provided for 10 hours of overall practice time over a 14-day period.


Accessing the Lab Environment
Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment. For more information, please view the document "Access RSA University Virtual Labs", available on the RSA University site under RSA University Content.


Prerequisite Knowledge/Skills

  • RSA NetWitness Logs & Network: Foundations
  • RSA NetWitness Logs & Network Core Administration


Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the RSA NetWitness Logs & Network log data flow
  • Describe the role of parsers in RSA NetWitness Logs & Network
  • Describe the process used to create and deploy log parsers
  • Create a Log Parser using the Event Source Integrator (ESI) Tool
  • Deploy a Log Parser for use in RSA NetWitness Logs & Network
  • Modify service configuration files to add custom meta keys
  • Modify Security Analytics to receive file-based logs from devices not currently supported


Course Outline

Log Data Collection

  • The flow of log data
  • The Log Collector service
  • Configuring Log Decoders
  • Log Decoder meta generation
  • Log data processing
  • Service configuration files
  • Index files
  • Meta key definition


Introduction to Parsers

  • What is a parser?
  • Parser types
  • What is a log parser?
  • Deploying log parser content
  • XML device format
  • Parsing an XML file
  • Steps to create a log parser


Creating a Log Parser using the NetWitness Log Parser Tool (LPT)

  • What is the LPT?
  • LPT features and interface
  • Defining headers and message IDs
  • Defining variables
  • Defining the message event category
  • Deploying the parser
