Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

AnsweredAssumed Answered

Retrieve session metadata using REST API

Question asked by Niels Van Eijck on Jul 12, 2019
Latest reply on Jul 19, 2019 by Niels Van Eijck

Like • Show 0 Likes0
Comment • 2

Can I retrieve all metadata of a network session using the REST API? If so, can someone explain to me how this works?

I want to use the sessionid as unique identifier.

Cheers, Niels.

Jul 12, 2019 9:40 AM

Correct Answer

Hi Neils,

You could get it with the following REST Endpoint:

https://brokerip:50103/sdk?msg=query&query=select+*+where+sessionid%3D<sessionid>&size=8192

There are also a couple of scripts in some of my other posts that could help, namely REST API to CSV and RSA NetWitness Packet Meta in ELK depending on whether you prefer CSV or JSON output.

Hope this helps!

Cheers,

Rui

See the reply in context

No one else had this question

Outcomes

2 Replies

Rui Ataide Jul 12, 2019 9:40 AM
Unmark Correct
Correct Answer
Hi Neils,

You could get it with the following REST Endpoint:
```
https://brokerip:50103/sdk?msg=query&query=select+*+where+sessionid%3D<sessionid>&size=8192
```
There are also a couple of scripts in some of my other posts that could help, namely REST API to CSV and RSA NetWitness Packet Meta in ELK depending on whether you prefer CSV or JSON output.

Hope this helps!

Cheers,

Rui
1 person found this helpful
Like • Show 1 Like1
Actions
- Niels Van Eijck @ Rui Ataide on Jul 19, 2019 8:14 AM
  Mark Correct
  Correct Answer
  Hi Rui,
  
  Thanks! Your answer has put me on the right track!
  
  Cheers, Niels.
  Like • Show 1 Like1
  Actions

Recommended Content