on Jan 3, 2017Does RSA have a OOTB alerts guide that describes the basic alerts and how they should be interpreted? Alerts - packet, logs and ESA.
Does RSA have a OOTB alerts guide that describes the basic alerts and how they should be interpreted? Alerts - packet, logs and ESA.
Are you looking for descriptions of the OOTB ESA alerts or application rules and syntax or something else ?
https://community.rsa.com/community/products/netwitness/rsa-content
Hi Eric,
Not quite... I am looking for a document to help interpret meta. Ex. single packet tcp, single packet udp. Just the generic items that I can provide to our customers to help them understand what the alerts mean and how to interpret them.
Tom J
https://community.rsa.com/docs/DOC-62341
Check out farther down the page... the written metavalues are described there (single sided udp, single sided up).
Thanks Eric,
This is what I was looking for... just a side note. Ex. single sided tcp and single packet tcp. The ir.general module refers to it as single sided tcp... for the Palo source.
Tom J
https://community.rsa.com/docs/DOC-62341
Check out farther down the page... the written metavalues are described there (single sided udp, single sided up).