What is the best way to search for logs from unknown devices?

Question asked by Kevin Cole on Jan 17, 2018
Latest reply on Jan 17, 2018 by Kevin Cole

I have a large environment both in terms of monitored devices (logs & packets) and Netwitness infrastructure (many decoders, concentrators, and brokers).

A team that is standing up new devices to be monitored has started sending logs (they say) to a VIP sitting in front of my decoders. These devices do not have a parser built yet, and will likely not be known to Netwitness.

Without killing my Broker performance, what's the best way to determine if I've received any logs from these new, unknown devices in the last week?