Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

AnsweredAssumed Answered

Retrieve session metadata using REST API

Question asked by Niels Van Eijck on Jul 12, 2019
Latest reply on Jul 12, 2019 by Rui Ataide

Like • Show 0 Likes0
Comment • 1

Can I retrieve all metadata of a network session using the REST API? If so, can someone explain to me how this works?

I want to use the sessionid as unique identifier.

Cheers, Niels.

No one else has this question

Outcomes

1 Reply

Rui Ataide Jul 12, 2019 9:40 AM
Mark Correct
Correct Answer
Hi Neils,

You could get it with the following REST Endpoint:
```
https://brokerip:50103/sdk?msg=query&query=select+*+where+sessionid%3D<sessionid>&size=8192
```
There are also a couple of scripts in some of my other posts that could help, namely REST API to CSV and RSA NetWitness Packet Meta in ELK depending on whether you prefer CSV or JSON output.

Hope this helps!

Cheers,

Rui
Like • Show 0 Likes0
Actions

Recommended Content