How can I create and add department meta with in investigation and How can I enter ip along with its department as a feed so that i can get populate under department meta
I guess you’re looking for this?
Thanks Deepanshu for the share. It is really helpful for me.
I had also created this once. Good luck!!!
Have you created any ESA rule for virus outbreak?
Where you get stuck in this?
I have created feed for the dapartment with the following config;
and at log decoder and concentrator I have made some configurations like;
At concentrator : In “index-concentrator-custom.xml”
<!-- *** Please insert your custom keys or modifications below this line *** -->
<Key description="Department" level="IndexValues" name="department.src" format="Text" valueMax="10000" defaultAction="Open"/>
At log decoder : In “index-logdecoder-custom.xml:
<Key description="Department" level="IndexNone" name="department.src" format="Text"/>
But Still neither I am getting the specified meta nor fields. Can anyone tell what is wrong in it.
NOTE: I have restarted both appliances services.
I was going to suggest that you log a technical support case for this issue however it appears that you have already done so and that the case was resolved on March 24th.
Is that correct and if so could you please mark this question as answered?
If not I would recommend logging a case for this to get more in depth support from an engineer.
RSA Social Engagement Manager
Yes I resolved this case and for the another issue regarding the meta and feed was also got resolved in RSA SA 10.6
Retrieving data ...