Event Processing Language is utilised within the NetWitness Event Stream Analysis (ESA) component. This language is what allows us to write advanced correlation rules to detect and thwart the advanced threats we face on a constant basis; it allows us to make sense, to organise and sift through the copious amounts of metadata which is produced on a daily basis.
EPL can seem a little daunting upon first glance, but understanding a few basic principles will allow you to create a plethora of use cases - I have created a document to better understand those principles, to extend my knowledge, and hopefully yours as well:-
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.