AnsweredAssumed Answered

looking to parse out sha2 value using LPT

Question asked by John Babio on Mar 13, 2018
Latest reply on Mar 14, 2018 by Eric Partington

Like • Show 0 Likes0
Comment • 2

Nothing quite fits parsing out the sha2 value in our malware alert we receive. I see ioc is a meta value but it looks like its based on ip's and domains from a list.

No one else has this question

Outcomes

2 Replies

Jeff Shurtliff Mar 13, 2018 9:54 AM
Mark Correct
Correct Answer
Hi John,

I have moved this thread to the RSA NetWitness Platform so that you can get an answer to your question.

You can post future questions and discussions directly to that community by clicking on the Ask a Question or Start a Discussion button on the RSA NetWitness Platform page.

Thanks,
Jeff
Like • Show 0 Likes0
Actions
Eric Partington Mar 14, 2018 8:46 AM
Mark Correct
Correct Answer
not clear as to your question... please provide sample log and what you are trying to parse.

Is this a syslog message from the MA service that you are trying to parse? if so please provide the syslog message. if its from another system please provide that syslog event
Like • Show 0 Likes0
Actions

looking to parse out sha2 value using LPT

Outcomes

Related Content

Recommended Content