payload of the packet with ESA rules?
Does anybody know how to look in the payload of the packet with ESA rules?
I have looked at rules and they rule D.payload but they just use common meta keys. I want to look in the content of the packet.
- RSA NetWitness
ESA only works with meta.
To look for something in the packet payload, you should use a parser / app rule on the decoder to generate meta, and then use an ESA rule on the meta you generate.