Alert in NetWitness when ECAT IIOC score goes over a certain number

Question asked by Jeremy Kerwin on Jun 26, 2017
Jun 28, 2017

Hi Everyone,

I'm not sure if it's possible, but what I'd like to do is generate an IIOC alert when a machine's score goes over a certain number (in our case it's 100).


I know how to create an alert in NetWitness based on generated meta; what I'd like to know is how to create an IIOC in ECAT to generate that meta if a machine goes over 100.

I could be mistaken and this isn't possible.

Anyone have any ideas and pointers to documentation that may help?