Abdullah Naina

Query on getting the total attack count from the RSA Netwitness Server

Discussion created by Abdullah Naina on Oct 31, 2017
Latest reply on Nov 1, 2017 by Rui Ataide

Hi all,

I have a task which my boss asked me to do. He wanted me to make a PHP script that sends a query to RSA Netwitness to get the total attack count and show it on the website, a digital attack map.

So I created a PHP script that performs the query for the total attack count in RSA Netwitness and gets the data.

 

Here is my code below.

 

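<?php

// config.php supplies $SAUser, $SAPass, $DevIP, $DevPort and $DataWithinTime
include 'config.php';

// URL-encoded SDK query:
//   select count(*) where device.type='snort'&& alert exists
//     && alert='tag_cesium','tag_cesium_extra' && time=<DataWithinTime>-u
// The credentials are embedded in the URL and sent over plain HTTP.
$filename = 'http://'.$SAUser.':'.$SAPass.'@'.$DevIP.':'.$DevPort.'/sdk?msg=query&force-content-type=application/json&expiry=600&query=select%20count%28*%29%20where%20device.type%3D%27snort%27%26%26%20alert%20exists%20%26%26%20alert%3D%27tag_cesium%27%2C%27tag_cesium_extra%27%20%26%26%20time%3d'.$DataWithinTime.'-u';

// Fetch the JSON response and print it unchanged
$json = file_get_contents($filename);
echo $json;

?>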

In the script, the filename represents the IP address, port number, username and password of the RSA Netwitness and performs the query (counting all the rows of attacks at the particular time).

When I run the script, the output is shown below:


[
{
"flags" : 1074200578,
"results" : {
"id1" : 0,
"id2" : 0,
"fields" : [
{
"id1" : 0,
"id2" : 0,
"count" : 0,
"format" : 8,
"type" : "",
"flags" : 2,
"group" : 0,
"value" : "0"
}
]
}
},
{
"flags" : 1074200577,
"results" : {
"id1" : 32155288570,
"id2" : 32155288569,
"fields" : [
]
}
}
]

 

I am not able to grasp the total attack count values. Is there any guidance or link that can help me with this?

Please help me. Thank you.
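
Added example, not part of the original post: decoding the response shown above in PHP and reading the "value" of each entry under results.fields. The helper name is hypothetical, the sample is a constructed copy of that response, and treating "value" as the query's count is an assumption the post does not confirm.

```php
<?php
// Constructed sample: a compact copy of the response shown in the post.
$sample = <<<'JSON'
[
  {"flags": 1074200578,
   "results": {"id1": 0, "id2": 0, "fields": [
     {"id1": 0, "id2": 0, "count": 0, "format": 8, "type": "",
      "flags": 2, "group": 0, "value": "0"}]}},
  {"flags": 1074200577,
   "results": {"id1": 32155288570, "id2": 32155288569, "fields": []}}
]
JSON;

// Hypothetical helper: collect the "value" of every field in the response.
function extractFieldValues(string $json): array
{
    // JSON_BIGINT_AS_STRING keeps the large id1/id2 numbers exact;
    // JSON_THROW_ON_ERROR (PHP 7.3+) turns malformed JSON into an exception.
    $messages = json_decode($json, true, 512,
        JSON_BIGINT_AS_STRING | JSON_THROW_ON_ERROR);
    if (!is_array($messages)) {
        throw new UnexpectedValueException('expected a JSON array of messages');
    }
    $values = [];
    foreach ($messages as $message) {
        // The second message in the sample has an empty "fields" list.
        $fields = $message['results']['fields'] ?? [];
        if (!is_array($fields)) {
            continue;
        }
        foreach ($fields as $field) {
            if (is_array($field) && isset($field['value'])) {
                $values[] = $field['value'];
            }
        }
    }
    return $values;
}

$values = extractFieldValues($sample);
// Assumption: a count query returns one field whose "value" is the total.
if (count($values) !== 1 || !ctype_digit((string) $values[0])) {
    throw new UnexpectedValueException('unexpected response shape');
}
// Cast to int so only a validated number is written into the web page.
$total = (int) $values[0];
echo $total, PHP_EOL;
```

Printing only the validated integer, rather than echoing the raw response as the script in the post does, keeps the server's internal ids and flags out of the public page.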
