I need to create a use case for group policy changes on an AD server.
Please suggest on this.
There was a thread last year about the same kind of use case: https://community.rsa.com/thread/198998
Would this fit your need?
Thank you for your reply. Let me check this parser.
I'm using RSA version 10.6.6.0, so can I run that parser?
Just to clarify - that thread has rules that you would run in your ESA. They aren't parsers, and so would not run on a decoder (log or packet).
That said, yes you should be able to run these rules in a 10.6.6 ESA.
Thanks for your valuable suggestion.
Whenever I tried to upload this rule on ESA, I got the error below.
Whenever I tried the rule from advanced EPL, I also got the error below.
Not sure if you tried to upload a screenshot, but it didn't come through so I can't see what error you got.
Really not sure what it is about this set of rules that seems to throw errors on different systems... there's nothing all that unusual or complex about them, they don't use any version-specific function or syntax or meta keys...
You can try copy/pasting the rules from the attached txt file into advanced EPL rules. I was able to save and deploy all of these in my lab (version 220.127.116.11) but, again, there's nothing in these that would limit them to any specific version.
Thank you Joshua
Now it is working for me.