This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
linoavila
Beginner
Beginner
‎2014-06-25 11:56 AM

payload of the packet with ESA rules?

Does anybody know how to look in the payload of the packet with ESA rules?

 

I have looked at rules and they rule D.payload but they just use common metakeys, I want to look in the content of the packet.

0 Likes
Reply
1 Reply
ChrisThomas
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2014-06-30 11:39 PM

ESA only works with meta.

To look for something in the packet payload, you should use a parser / app rule on the decoder to generate meta, and then use an ESA rule on meta you generate.

0 Likes
Reply
© 2021 RSA Security LLC or its affiliates.
All rights reserved.