RSA, a Dell Technologies business, announces the release of RSA® NetWitness Log Parser Tool v1.0 and the RSA® NetWitness Log Parser Community
Dear Valued RSA Customer,
RSA, a Dell Technologies business, is pleased to announce the general availability of RSA NetWitness® Log Parser Tool v1.0. Leveraging unique and robust parsing technology, RSA NetWitness Log Parser Tool provides an easy and convenient way to create, edit and deploy custom Log Parsers on the RSA NetWitness Log Decoder.
RSA NetWitness Log Parser Tool (NwLPT):
The RSA NetWitness Log Parser Tool (NwLPT) is a standalone graphical tool that enables users to create and/or modify event source parser definitions for the RSA NetWitness Log Decoder. Here are some of the scenarios where this tool can be helpful:
User wants to create a parser for a custom application or other niche event sources to be integrated with RSA NetWitness Logs
User wants to improve or modify existing parsers to work differently for their environment or to serve specific use-cases
User wants to validate Logs against specific parsers without connecting with RSA NetWitness platform
User wants to deploy custom parsers across their RSA NetWitness environment
Deploy Parsers on Log Decoder directly from the tool
Generate Parsing Summary
Auto Splitting of Large Log Files
Direct Link to RSA NetWitness Parser Community on GitHub and Help Documents
Parser can be Exported as a Live Resource for simultaneous deployment to multiple decoders
Loading Latest Table-Map/Table-Map-Custom Through the Interface
Special support for structured logs via Advanced Tagval Functionality
Periodic Automatic Saving of Parsers
Graceful Error Handling throughout the tool
The RSA NetWitness product team is committed to continuing to improve the user experience for Logs and Parsers. Thank you to all the customers and individuals who provided feedback during the development phases. We look forward to your continued feedback.
RSA NetWitness Log Parser Community:
A repository to share and contribute event source log parsers for the RSA NetWitness Suite. A new event source log parser that is not currently supported by RSA NetWitness Logs can be developed using the RSA NetWitness Log Parser Tool and shared with the RSA NetWitness Log Parser Community. An existing event source log parser can also be modified to support new message types and patterns and shared with the RSA NetWitness Log Parser Community.
GitHub members can contribute to the repository by raising a Pull Request that adds or edits an event source parser. Our engineers will review it for correctness and design, and upon approval, it will be available in the community for free.
All RSA Developed Log Parsers are now Open Sourced under the Apache License 2.0 and available on GitHub. RSA will continue to actively update these parsers and will also review update contributions from the community.