AnsweredAssumed Answered

Processing sequence

Question asked by Maximiliano Cittadini on Nov 8, 2017
Latest reply on Nov 12, 2017 by Mj Knudsen
  • Comment8

I know that in a Log Decoder Service, the log processing sequence is like:

Parsers --> Rules --> Feeds

but, I need to create an App Rule to generate meta based on other meta generated by a custom feed.

The use case is as follows:

 

I got a user.src and search that username in a custom feed. The feed enrich that meta with a new one: user.src.name. I want to generate an alert meta when in a log I got user.src but not user.src.name.

 

any ideas?

No one else has this question

Outcomes

    Visibility: RSA NetWitness Platform420 Views
    Last modified on Nov 8, 2017 11:24 AM
    Tags:
    Categories: RSA NetWitness Logs
    Ratings: