Can I retrieve all metadata of a network session using the REST API? If so, can someone explain to me how this works?
I want to use the sessionid as unique identifier.
You could get it with the following REST Endpoint:
There are also a couple of scripts in some of my other posts that could help, namely REST API to CSV and RSA NetWitness Packet Meta in ELK depending on whether you prefer CSV or JSON output.
Hope this helps!
Thanks! Your answer has put me on the right track!
Retrieving data ...