2014 Global Summit - Three SA Packet Custom Parsers
Attached are the three custom parsers mentioned in the 'Improving Visibility Into Cyber Threats Using Security Analytics' breakout session.
Keep in mind that these parsers will likely need some modification for your environment; Notepad++ works well for making such edits. I recommend using the text reconstruction view to identify the response codes you want to match. The HTTP Header parser is resource-intensive, so if you deploy it, test first that it does not cause significant performance degradation or dropped packets in your environment.