Nothing quite fits parsing out the sha2 value in our malware alert we receive. I see ioc is a meta value, but it looks like it's based on IPs and domains from a list.
I have moved this thread to the RSA NetWitness Platform so that you can get an answer to your question.
You can post future questions and discussions directly to that community by clicking on the Ask a Question or Start a Discussion button on the RSA NetWitness Platform page.
Not clear as to your question... Please provide a sample log and what you are trying to parse.
Is this a syslog message from the MA service that you are trying to parse? If so, please provide the syslog message. If it's from another system, please provide that syslog event.